hxxps://www[.]youtube[.]com/

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528341583493426"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{7D474CEF-DB82-4A77-908F-6571E249B64E}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{093F3795-2FFA-4280-AA6B-B46B773B1ABB}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
3252	chrome.exe
3252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: 33	396	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	396	AUDIODG.EXE
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4964	4620	chrome.exe	15
PID 4620 wrote to memory of 4964	4620	chrome.exe	15
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 400	4620	chrome.exe	35
PID 4620 wrote to memory of 4556	4620	chrome.exe	34
PID 4620 wrote to memory of 4556	4620	chrome.exe	34
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33
PID 4620 wrote to memory of 1192	4620	chrome.exe	33

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d819758,0x7ff98d819768,0x7ff98d819778
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:2
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2784 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2776 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4812 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4976 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5516 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3704 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3068 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4868 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=884 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5448 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5940 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5516 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1840,i,4540437870213733239,10008004171779007925,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x2dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7957c66bdba98a350cd77b04b045590a

SHA1
3b6bfb96b57abe1f6fa83bfe75a211cb7ec2f1bd

SHA256
c00f162d6e8de9236ba690d4fb66e0582397bf9d86764460eb96a1164f2d19a4

SHA512
9a7920ab954e5ab5b02679dce5874cac51702f4322c5c2e132119d7315f32b069d5d483bcb28d8a5757713aa2ff0d8eb664bc9461a11cced037ab1a8cf6e757f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bf69196524d6d135185c213cae454671

SHA1
25e42eefe4cb2c9bd9d46c82a523853b55a1ff98

SHA256
44b8d4879abfa315c0814af5eaffe9fef8ba9c9f1ae98c4da2f450eabb8fa2d4

SHA512
34d9f7f502c3d8d56628cc2612fc7ea8664fb29e153ca9db83eb330ff14bef216445c357cbd07c14997517a0ca146813b25d1b5cbebdff81c92ef8b9a43e05c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
38ba69bb70b5267ce44210b8bae55e06

SHA1
7c429ad66b22b05e11e0a77980574a178d7506ae

SHA256
1edd457a2136b7ae6e61eff89768312416139fb032ab77db3fef69f2d6ea7c24

SHA512
1f2896112edd5378f4a93217957252cc07e43b9e1c834ba70d552f51950f8303f06d340e71b96e2c5d2ce32d302392422437459ec43b7793a579815b72e9b8fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
78ecf93e7523a8b631aa80773737c2e3

SHA1
d2d0d79b2a07504d40f09f06b089a4a35f01c63c

SHA256
9202f96cdad1ad6973cfee171cd1d9ec9ec60676e423a863f6caa4553d474544

SHA512
e22679a4daa3bb876751a7dbafeede918dc38abb0f0678eaf30ba9ed3bafdba7d09361f77e292cef47d4352f8d722b5525b012f6c7bdd150f8675196a72f7f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
8f107cb2b60dc1159f07b27ed2bb6acd

SHA1
73dbe74b44839aadfa7e3c004df2ba6d9ee2e1f2

SHA256
539adbf0a69f41f7f8bc9733c8a038250bc79ff1fd469e5d2cb4987aab95fa8e

SHA512
87f52cabbe3e72d93da1b3a88751284de1052d499d8d88f9e88feab12767f4e3361208f42ae6a22a19b0766c143d77c485a3c02672a3fc969b517cd41d0027bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
1ea1e797cba9bb1f21087f8f50ca7c8c

SHA1
c331d130109c65b26cc5676b47c8120d06196fbb

SHA256
de322ede8c6223311423338149897a32f9e2ab16b5c3f371e2fc829e54cf08a6

SHA512
0ae59ba2aae0088eb8fe722013fc2621ddff213e3d5eb0b4828436b994796d5db7cbcaa9d519165c25bd34e25df99a5691886aa5b249615e8a84f6a77c59db5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
787c0869c3b0eed8b70d90859248cb96

SHA1
f4e81ff867f07ed75b85f5d40e998430ee50b378

SHA256
0f3105abd5fce9f4f85d9ef173b3231bcb9f2c2658b98e84399768c802f83e64

SHA512
0fa6d6d374ce81bf8990d15d36d4c3518d59e232a9869291a1090c1a33c99547a05dbe4c6b1c4b7ab2edaa4cb91ad31142eb4f0bc59983c751760d2885f2d77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9418275a8c575045f97caeb913b8454d

SHA1
203135a373b5778424e9bf44bda979c3e80f08d4

SHA256
840425404c66e3f4cbe913f01f4efc41ec83e1ad2a6124d5b099a011e8a2da9d

SHA512
392c681419c67ea76c08d460a9c6179414fa666fbaae6553d2c0ee4f6e5f23fa15982f07923a30fc230e9e2701ca10abf6e0f19fec346c70c44330b594bf076f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
6644b4aa5519b32b71e124ed77e52869

SHA1
6534d5b65459ea4d2cf62bd476da99d43d38e398

SHA256
e7cabebcccfc4c007bc499e7d7616a1bd200d782851a78c1fec3d510b146fde5

SHA512
9ee63be1fe332c40c7fec1faa43af43b03ade20c895ce78562f2b5232dfbe386e503116685f8b7df86d9e4d2027af888bd07db843a391737bba77954b1c489fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f0275ef7341b6c4847ffb542ff49c463

SHA1
4c8c55b8a79dd4bc9be8d14385dedabb7843d5f5

SHA256
2dc0ee1f3e121063458c56187058cd480a490c871395e57991a5448ad811ec80

SHA512
c34a2d03c36f31eb470de9377695aa8b36aa5fd07f53e2c8eb55a19128097193467e257121f2b2f51f27ac5d46813f217c51557346d79cc63c40c0b3a455cfcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f1eb180866163221ab9fe1ab0849ff37

SHA1
4e99e98fdf5adf4796628aacc40cfe97628d3afa

SHA256
5fd1348d04564e5f72c432af756320acf571a0159b543c487188399c655dd6b5

SHA512
f5ca670125cf65df0b31ec2e021083dc1806286ccd6cf148c60cb9043f95ce20dfe6d3d4753cb9dc147491e857b29933361abe1c8c145795b921d37aa86ce07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
8e1ee61bbbc067f397f55de713e5779d

SHA1
705fcf23809b26a8495ba07823fa108bbf0baf47

SHA256
10a81570cb9f98ad3bcf09d7f7371114505efa084fa5e7e89fa4c0373d1b0063

SHA512
1d2709e88a616bcbe3197e456cfdd5268b08672bb76c0c9ffa13b30b060cfb416d76220fa2ddd70fac3493e6ee5e89a7d4fccf5e8aa3990abb5893e2d139aa62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0a1dc7cf8f573e9c0325a694c8a0f1f9

SHA1
d104c664e1ae1d404a40aebf6ba47c0d7c32f58e

SHA256
90e670611f3219aad7aa68ba490f1f0dddb30afbd1c6e15ea41423670e06cf88

SHA512
047c607816e3e5713a896c9c98af4b9da156298e8d4d3f1ef068bc0d9c166b433299ce7de550e055b04723702454199d4721ac8453ed344efbb8ac39d0ddd66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ca6e62923c5be3ae10e367a917f9b49

SHA1
279532f3aaf2f5bb794b33a1e47710414033e867

SHA256
945468b19214bf98bba1c49739c26270bdace6dfc0915cd64ba7777988f7c282

SHA512
0e55507294b154fb91250d0f65a89c37ffcc191266801933734bdbec9fb69cabacdbee449b9d88151d21ffa8daf30be3888e90d8847af95e40877b30f492d523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
08f2e0411efec78b8954121c4311dd4f

SHA1
952b68b4b93e8730536cbe0c61c2cbeef22ac9f5

SHA256
17f924f44ec242812063970dbf186e44d888348928a68acb58cbdaba29323407

SHA512
b82db5ac6357303b28ef3a939998815a9edfe3aca3182d9e52f7b99f6244e186cc40168c1023d9167dec7016a2d3090270fff2ec2bd91e7d76ec6337d908c03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6bb052b-ad46-457a-a1c1-bc49e8fd0b63\index-dir\the-real-index

Filesize
2KB

MD5
4ebb1019b44e1990493bfb293596eb4f

SHA1
da8006de673ce6cd2730a4aaccbbceac6393ff75

SHA256
05471532215a884baae0bbd3ef4c25ddf385bb49379f21c66da8522d144430c4

SHA512
621929ea8c464559e319bddbd4035377cd0f16adf934b4496adb273c65de238d8cac0ca7e550b957d7f06cda04b8398c67537ec818239037eb1d9ef8d8e019d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6bb052b-ad46-457a-a1c1-bc49e8fd0b63\index-dir\the-real-index~RFe5769a7.TMP

Filesize
48B

MD5
4968aa5d44130e41495019259b571373

SHA1
0acadc372e013a6334253bbda3bb9aabd0c7e9af

SHA256
b2ff564be71da36e3d7fde0be8f97eeeb60ec4b597705f233f139dd1537d676f

SHA512
2451a598ae83f1a80b08031730ab32d9eaad268f7365d208386033a1112c27f73ecbc2c2c337fcfadb58ebdc2a7d2b74b0e0bd8469671a721a7f75fefe673af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
e8be610a7482ad224af87ab99629786c

SHA1
6019df03479dec41263b50cac255776f884e8899

SHA256
e15948ccad496e9abebbd4ac132618dbb6cf8a9acb144f575f8e04566b833f0a

SHA512
c610a66d01c1151da3af57352a5a98bec5944688bce1f76e20eb8b9264f402618b346894db5fe2191daab845df73cbf0f0d6a8cbd15117e822b3a6e412f50eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
e7bdbc9b63ebe98e68d78d1aef58eee9

SHA1
34332332d84b736951f8afd862d0c477e2359d0b

SHA256
25c1cea5b4fc56b1037cc544d06419561dee056d5553397f614566c5ac1412d9

SHA512
3415aefb37c40e4bb303ea7673b1843456f280907f9df33cdc8914d8415b8e967b2cd5bc17379048b824b91e6f495bde64c667a404b9de684dd467fb7673c537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
a1328d77fd22d9164a062e6832f41c7f

SHA1
1751f1c36fe59b646a357f599f7eb74057c78a29

SHA256
4645b63d005de97688f07f82f53ca5f12480361afe297e97e48ede04e9e31c3b

SHA512
9dfd68d9a04b9856132a8b5e1605956c041fa73298c85d3acc14f1fa9b616c542bb7346cb09a208903ee72ac1d0ad53cc8d69324bab0b38cabdd784a29a3c75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5753ec.TMP

Filesize
119B

MD5
5ed82fad2f31ebb2b648c9434817fae9

SHA1
d25f4f4cc716858a0d9539cd3c9e9a1669b68bf6

SHA256
ae7a1c13f41fb158e9d85d32f11955d6419c4312e6d3a8c9f1b7287fda1e3605

SHA512
fa9ebac11215f40f15abc1ffb8d439380fa415c654faff97ee79f07a8674810fcc0ae0633d5d47b43b0ecccbede13e0a65e641bbe96f3d365df18675c34d24e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
b4d7077698359db20075a5525195f302

SHA1
2a06257665816073656b4aab7e08cd5d4289ab3c

SHA256
aabbcc37f73cf28d599b9095d990c94c2bd8a2bda86340257791cf8bed739490

SHA512
a353f19e29c67c65d7cec64dd6e2d200ed0d3200a6a2ba2a89b4a04e6d25795792043d4acf4b4f9f255d30a06d813b170ad4531f390c9bdb80e49a7560cae260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b46b.TMP

Filesize
48B

MD5
8dedeb84426e58d098b78eacc3ce7252

SHA1
630f261a272cf91eb66078da6f465f5dfa2640b3

SHA256
4d54a41da7537cb8b3399306d20712b594d7fe1581262dbfbcf5c9f64adbdc3b

SHA512
8eb353db13ff6888c615d6e9e825dc98d2ac035310471ce49939c888de9e91175da69e727ffe8f63d803ece73414ef21bc329ac7f1036558265b7aa75f5cb9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4620_1470649265\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4620_650826381\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4620_650826381\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a8b391cf3f4867f5e2c049735155bd4e

SHA1
43fb56b9791ee0e1dcb383e7b46882725985ce47

SHA256
fc651c34e3350dd356335dadd56a3b866ee31bed1b028409a289f024cc008aa1

SHA512
987901a2041152985c39f9cba9cbd8abd1376d808353b4838359047edb07e7760078c9ae6b45ab0a573725bf61ab48c769d006de94629a9675f5d09860745fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit