36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Resubmissions

13-02-2024 13:07

240213-qc14sabg86 1

13-02-2024 13:06

240213-qccfesae8x 1

13-02-2024 13:03

240213-qakn1sbg35 1

13-02-2024 13:03

240213-qacy6sae3y 1

Analysis

max time kernel
147s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
13-02-2024 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trigger.ps1
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523033019221872"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

powershell.exechrome.exechrome.exe

pid process

4420 powershell.exe
4420 powershell.exe
1268 chrome.exe
1268 chrome.exe
1432 chrome.exe
1432 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1268 chrome.exe
1268 chrome.exe
1268 chrome.exe
1268 chrome.exe
1268 chrome.exe
1268 chrome.exe
1268 chrome.exe
1268 chrome.exe
1268 chrome.exe

pid	process
4420	powershell.exe
4420	powershell.exe
1268	chrome.exe
1268	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4420	powershell.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

chrome.exe

pid	process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

chrome.exe

pid process

1268 chrome.exe
1268 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 1268 wrote to memory of 1052	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 1052	1268	chrome.exe	chrome.exe
PID 436 wrote to memory of 2600	436	chrome.exe	chrome.exe
PID 436 wrote to memory of 2600	436	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4948	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4032	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 4032	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe
PID 1268 wrote to memory of 2576	1268	chrome.exe	chrome.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\trigger.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x80,0x10c,0x7ff8e7479758,0x7ff8e7479768,0x7ff8e7479778
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:2
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:8
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:8
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:8
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5128 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4652 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:1124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4560 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4796 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5296 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5212 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:1
2⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 --field-trial-handle=1820,i,10051245453398894989,1497756776726475266,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8e7479758,0x7ff8e7479768,0x7ff8e7479778
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1812,i,16985675840974720798,17579079324867737684,131072 /prefetch:8
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1812,i,16985675840974720798,17579079324867737684,131072 /prefetch:2
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
371d9afc21a7133058e215e6e73910d3

SHA1
c107b24ea45e9fd718a913aa20bf4f0e18d16788

SHA256
2e87a1107c14b296eee69f736ee4127c7389be44ca82c2ed702ae59de2ba9ae3

SHA512
c40d89b3742737b1d16f871b9767ab49e2096976c72f1167de8f4e0675001dee65057f1596e3725d9394ecdf575252248c462bc8ba83cad6594aee281fb03264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a606555a5fb212c53721c06c6a17eb25

SHA1
6f23a90ab77a24094543d475ab73f8abaa4a7b01

SHA256
ff66b5bc254cc5527a11038976ac10261e098807a2574ad03c24f3847cd84f67

SHA512
acfd12f9ca9fdc3d64c2a83a009179d928a95b5cee4716b75ddefdfa114e6b6ea0f1fa63d4e186dc58e7da64bf2778f2b72604061b10c82484703a10b6e2d490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9b8a5fc0991c4b1c1d342697064ba73f

SHA1
7419aba9ea1b3701a33c265df4494a3634affe1f

SHA256
b39d95f40bc4431994c0afe11d6f90179c24515b36943a4c80c894052fb4d4d8

SHA512
f78ce8bc61964745cee966336655271524a4c7a4f44ef66a1d6ba937e4f80216d18c8147a98baf47375bf0a7c0bab55f2a63a683682ee94165f55ec52abe4fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
82ab815efa35fa655b43b6c26f00b3d8

SHA1
4aa716d3d99c8504bc850c48a36654291c8a4712

SHA256
abb59aacab4342922ca94c208517915c83aca56deed64b0e48336e4a7c3f3650

SHA512
27e344ddf68f7b33339ac9b7f7016f091f1e7bf86956c46e198a96ea0807fde88ffc92c83f2f8dc3d634a8115f07634bab95b0b6103064dbdde52ba5a33d3aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2d7e2168bb688d6bf192791ba65b74a1

SHA1
fc47459d4cd85467563134171fcdf88f5dc70f99

SHA256
c22b038da4b3d60d8a28b0bf343d4fb1b856e277354d1db884d39a2bb352d9d6

SHA512
ebf0864adbb5180aeceb9d6113223621918b212692673e486818c613fe799c69751f834e5a8ee0de7d1e42fcdf67406649f8ce4a563cb1b3ba262d5c0aa45093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5b83937cae1e99297c4a9407fe7e8ae0

SHA1
96416a0683ee5d31cab1dbafd901fc71bd8e73bf

SHA256
83664d8e4d46445b9af203f1d031ed0fd5f1a2a2eee2d62188d4675f55cdb73b

SHA512
1d1720c13c9020cc5255f712b81ab2f6a85431788143b0274f65f8ff77ffa2a456331451058f9d2892f0d228c8d0835653cc463d044d4f9fb7d24eaf3375778d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5a9130c2cdf949d6e548078530da854e

SHA1
cd6b705cc7c1adb3a9fea8eef2ef5b259b9ec284

SHA256
b5494f75b8f9b5fffd00e2e7ef3659d11063fd54a43cbf62bd8044c9bda01b3f

SHA512
738b2e65f1214436f3e28ca1207f29cd61542544b3f85e77fbe00d62aedcfde4e8bb0a9d34dedf18a66e4194212ce3712375ee0cf44ad7b53404bd7cfc001f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
566218f008ffa54e2fb4871a952d1247

SHA1
7420714dabb93f8db9961c94388f90ad35b38bc6

SHA256
3f0a09caf527f5c1589c7b966caa89b84a1102c61a79c7fbe2d4a9d2aa4383b5

SHA512
3bc0e8b868285f6e0db0f024d3f3d7a7b8f9b6dc8f28dfdbc0d31a86e6c9c674a69cca8694718b145557544b31449cff3b2838cb59fa8b5b7c3e1dfdc1664f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
95a0eee9fa5f9727dd525fc66bd3aa64

SHA1
2dc1c7c48a87139f35886fed1b06fb9df0fecec4

SHA256
bf8c7865adb157e106aa786b0fa1fca5711367db985a34e99c0409e17f0d4e90

SHA512
07fde83ae9fb069d8b5445b1cbc06cd66f64b72675b9df49c6658d2196556133cf9bd037b9827a5b66bc6affa23cc047d6b9ae9c925aa05b5d5dd49468f86f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8601cc159f8c9943a64af9cb5a7a4b29

SHA1
0300d2aeafe1eb698a597d4bf524d0cab93be4af

SHA256
892d70d4b678b69fc06f3bc6c79717ec48d244af00d203695800bb37504c9a73

SHA512
f7701fbe3e7e3b65650f6db319cdb41444f5d9ac43ddf2f9089a2736819404409a87e5c8826050502717469d4038046851a1e1625cfca40f0005380f77c8d196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c982f02e18b039f786178d1f58e732c0

SHA1
3ab65f350d56d8e12f406a6b3e77796537178520

SHA256
781c5cd46dd7c2910cae9ba2f3db93025d330125a2d45127c40b3c78e8cf4c57

SHA512
b02ae89b32e1be6978529387103e178298493c0db3606d99591799c9d121dda4be08e7df3b67ab483b42b3d0c6d268e610f6b508a5098b29efc9db48e3e8ea50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d991667d875502516916da855fb60688

SHA1
02a747bdec845d96722b55b53e6a13738dfc19c5

SHA256
99745164d12e1569a5e37bd59124638adb1c3a0a02bfd0510a47e8db208654a9

SHA512
73b2dbb26b0b3967c1983938e375496ce0ddd59cdb8ac1f5f51188beb79d23455cca40ebab040cb60b83743f117b4a948842433d8c8d62b83a207ed6a818af0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff3943c81185850852fc1892eca5880a

SHA1
0cc1c27ff962b82c61a4e5ea24c1bd6b72b05a8c

SHA256
93fe6f7b8f203c0c8c9047b4113a747a1eb4e17b0903698693321d038477de05

SHA512
fc9584744f80cda97c2acbe0fcb17708d039c20862066e1d4b819d2f4f857090be39fa0e36e47276d2315fa6282a19006123bd09e79de7c7812bfe246a32d6a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc15bfb4e094bc8e8e698774a750b686

SHA1
aa76ea7a0ab9f3eae0dbf3dd30ac5f241bfa1e09

SHA256
7ac52b6fbb67bdb10f190d8ce495329a55615a6f9967eb2b6974bc4ee205d695

SHA512
fb21e98aca8838e640d4b1828747d1c389e568dd28bed84ccd6e6661846a7c0a0eb8a58d78cc709c7571d6ace8f390653263c8aa1ce0a3dd87d338e6fa30564f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39f31bd37060b64408df7ef1823c0925

SHA1
e16a93a13b31c4f4d09a928ef7bfe8ac558c20dd

SHA256
8d50fdddb768507b1238a9323d0b1335acea801f08e150ee4837d881828a26ce

SHA512
c5216dfd8f11641931d3bb301b0a2f1ed5d48449997ad0f19aa1296a157e5952aaec1b8fd3152e3d9579601de202744c1222ec5585c25cc85ed43aacef0c85d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6c0a0b06e5023ae163110970582ccf87

SHA1
edfdf4a1d8f1a6c9bcbf0243da83590df02aa530

SHA256
0a40bdea046515cc6b89c2cebf8cd7e2cf5dd2476606485c9277ce27e63b1320

SHA512
46e94bc1d470a563b928e896b8b2ad199a26331663e8bdb5ea2f8905d0348bdab2b80f8b13b1ac7bdad44dffc1a41cf0dc922a77aff877bbd0c864aab978ae3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dbe1298dcf336d412f7c4b4f6fc8a0df

SHA1
27baaad64707f849dfb690adba3130cb0e89d09a

SHA256
2d9fe2a045648763b6520fd1606938d63b3fcb82824f3a3c61790aff8646e1da

SHA512
428574c871918f6c722130690d092fd614db380d68c4213068af33a76920ba033a8cc9bd87a391e9a3d192b08fe72b83d59b9cb13737a6a726126a12c9145e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
49d891f6f24bb704245f4f21e8389119

SHA1
0c72d18fdafacb2b363af8d182167ee8913cafe0

SHA256
0e4d4f395296c84a59c59f7c8e8e41fa000840a68851d9a53f9ab72d52b6bf4a

SHA512
33fa18f460f93ab611da4874cec03ca7e8804944efd209ca6a477b8eeaf4ceb2e6309c2daeb156487a8bcbe46e7b30998d771c4e320c1940df7698ed96a12c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
fbfeec6d805fa5e3b26ca1abae00b6b8

SHA1
3eb68ea5f0b356a10f34fcdfa30b80bbf80fe7cb

SHA256
f863b785afcff19704d38dc60cc5fd03b7ea21e1ade91f151a69134af2ed971a

SHA512
a0ea5f19f15633c33a38fbba6e9206577e0375597a8c0b13d65321d25ea60be80b9c5000639d0e1d592f48441d95470c03a12ca43981a269d31eaa7927f4ecf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
c7557b4f5c5b90a3adf4cfa59babcc0e

SHA1
4ac4e73cd7186e395d8f34ae474e3ebbe60916b4

SHA256
7191e9d2e8be624c7c6c52a0a54d956dae41e05f0620593f41065bdfa2f8d625

SHA512
b4c3ab4422ab4feab15cb776361297395e8bba855d27a03469a3c36bc7b79dde6f5279ac6028e8e4080c4e2a34937412cf0072fb38f87f3da19b60cbc80d0d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
65286086abf930a559eedcf2c481482c

SHA1
ee23665433812e4cc4ea9469f00b851fc3893abd

SHA256
d53467a9fe7234c24b5ce65722034e7e952eb50bd313af719072d891bfb5ff11

SHA512
1ec72b455087536c02ca0f4e6985c057c65af995dd50f86211017a1bf426d22a5cb4cc38d774ac442f43ade04951708d844a056a50c55dec636a09ab24372267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
44018be410cea83a90ee44de48f302fd

SHA1
0350662745c36f371a45300a08f3f9c2e59b93e3

SHA256
cfd665208c0990269ef635a9ea897c1890e6b16f10fe91d6c5470d05c9943ecf

SHA512
2ee9a956f0e16b4ef5e9b639e54ffc951e42e98b71bc6fd58f6547a1bfed0be9739eff412b00def7947ae28f8c23a2fc66bcc974673ec6cbdbda37080aeb5582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5c09d40d9904e91d073b5b58be4089f6

SHA1
fdb53a850148f4f5c50a4bbe64fd226816db2bd1

SHA256
53158bec6fe4a6236cd3ba5dd7f36f63bc8813637157fcae1c16ee955b97f431

SHA512
29f6d70fbd4660becd3dcc741b75e39c14ab78d3a546750401d764f2d1ba8af7c26decfcd7d3572f7bff2fece0826cda3cea9ec02e709464fe0ade5c10bcfa51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gaajjiww.poz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\crashpad_1268_FJGHLVAHZAKFODDB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4420-15-0x00007FF8E6B90000-0x00007FF8E7652000-memory.dmp

Filesize
10.8MB

Download
memory/4420-11-0x00000273E4F80000-0x00000273E4F90000-memory.dmp

Filesize
64KB

Download
memory/4420-12-0x00000273E4F80000-0x00000273E4F90000-memory.dmp

Filesize
64KB

Download
memory/4420-10-0x00000273E4F80000-0x00000273E4F90000-memory.dmp

Filesize
64KB

Download
memory/4420-9-0x00000273CCA00000-0x00000273CCA22000-memory.dmp

Filesize
136KB

Download
memory/4420-8-0x00007FF8E6B90000-0x00007FF8E7652000-memory.dmp

Filesize
10.8MB

Download