hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbF92ajdaZ1VvVjlYV1BYdmRMNl9jX2JmTUczUXxBQ3Jtc0tuSGloUmw1a0FsM21RT0hZS2VfZUNjZUdpOHNOd1c2UEV4Y0tvTlgwTWFZLXB1NTR2TzVYYTV2Zkp6U2hBaUJUVzVKT0ZzYU9jeWs3S25kRWJ6MnV6eHduRkRCTUNUTTFHRjBweEdFREVxanhOUm5qOA&q=https%3A%2F%2Fncrobloxscript[.]blogspot[.]com%2F2024%2F03%2Froblox-8-level-exploit-delta-roblox-en[.]html&v=sKCdf63u3s4

Analysis

max time kernel
299s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbF92ajdaZ1VvVjlYV1BYdmRMNl9jX2JmTUczUXxBQ3Jtc0tuSGloUmw1a0FsM21RT0hZS2VfZUNjZUdpOHNOd1c2UEV4Y0tvTlgwTWFZLXB1NTR2TzVYYTV2Zkp6U2hBaUJUVzVKT0ZzYU9jeWs3S25kRWJ6MnV6eHduRkRCTUNUTTFHRjBweEdFREVxanhOUm5qOA&q=https%3A%2F%2Fncrobloxscript.blogspot.com%2F2024%2F03%2Froblox-8-level-exploit-delta-roblox-en.html&v=sKCdf63u3s4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548346499543625"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{4C61D6E2-4F14-4A58-8AB9-F2446B99EF6B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
5484	chrome.exe
5484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4060	3324	chrome.exe	89
PID 3324 wrote to memory of 4060	3324	chrome.exe	89
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 4208	3324	chrome.exe	91
PID 3324 wrote to memory of 2748	3324	chrome.exe	92
PID 3324 wrote to memory of 2748	3324	chrome.exe	92
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93
PID 3324 wrote to memory of 3228	3324	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbF92ajdaZ1VvVjlYV1BYdmRMNl9jX2JmTUczUXxBQ3Jtc0tuSGloUmw1a0FsM21RT0hZS2VfZUNjZUdpOHNOd1c2UEV4Y0tvTlgwTWFZLXB1NTR2TzVYYTV2Zkp6U2hBaUJUVzVKT0ZzYU9jeWs3S25kRWJ6MnV6eHduRkRCTUNUTTFHRjBweEdFREVxanhOUm5qOA&q=https%3A%2F%2Fncrobloxscript.blogspot.com%2F2024%2F03%2Froblox-8-level-exploit-delta-roblox-en.html&v=sKCdf63u3s4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6bf59758,0x7ffc6bf59768,0x7ffc6bf59778
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4988 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5312 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5800 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3496 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5884 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5436 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5316 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4000 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5360 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3388 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3388 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4824 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5692 --field-trial-handle=1884,i,15469255880960087956,16443858280547752538,131072 /prefetch:1
  2⤵
  PID:4532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
44KB

MD5
9d80f283b3c7438b7446cc533eaa4055

SHA1
ff1ea6d51cacdcd59d714029ee8a78d672a7d92b

SHA256
6659c2fadb80ec6b645614a797139e5990bb828ada0d99967b6ef8bb38d75c0c

SHA512
648bfa459502ba1fc96211f873e470c671da98b69fc725d341b0d2ddf4c751cb1e7e7967f162724f37aebd30d441ea6a4fed1cc1128b078c3b23892746236451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
bddb81b855f1865f0803a16a067c6b69

SHA1
1c64015f50fa1e8d6ff6c76c61885264c942161e

SHA256
b9206613acbd9b3537f3d611a554acae7c77e5e4fc31d858299eede70c159023

SHA512
ecca42dc80d048980d805628c70bbfefc40b32ee11f90b97eaa9783b23d7fbcbadf50cc38c06c3ca01c21493b70adc40a5e6a096ac8f8db0223a2398abc191ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
83844ba43f80983fb3ab4d927b31b264

SHA1
b6a94d33de37f60f891767734b5e8a46a86cf23f

SHA256
a676e371cf93231dd6e7534bd08fb72015658fe7b803d006b5c9944d73b156a8

SHA512
9025b7acb69e7f7c98447eb373d6bb669504f48840f46ad3f89343ff01d538ad4c9d90db4150f40e00896f9489af0a9d49b1e40dfb9cf48ed2d3599b88d58950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7d09ec3bb8064e856c7760290d04fd18

SHA1
bedc6942e128a7f127aa2191ea99fb8023628aa9

SHA256
46b7ea8c3081ad0a9ad74462fdcdf876129ca6cf223259390666c72c23a0831b

SHA512
a4e154f328bc11adb8a61a8980e19b7d9225095680283ddd2ea0769efa18e973e18d072beb129312d3d0593a53d0a4177e5b7c92e822911103b1a96db43ab801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
dce7a29a9a513c752b28380731e561d7

SHA1
98a4e3d5829ef3706e070f1a42b24296ffaf9a57

SHA256
fb94307418fe7452a6be202dfd12cebc98e35426d4cb590aecf33380a40c5ff4

SHA512
caf2a742d2b1f4164c7ee2f7080055eb66ebe5a8aff3edd2b176604325baff10e0751439c979216b38851e345f76e8cdaa489a4eeec2de45bd5930b236a1dc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b41840b3320dcfda57fa14dff1e89b95

SHA1
eb32e7a9643fd15ee730b7cb3c69a7664144e38b

SHA256
84309167b95bb1cd6cd3816c49a87f6b1815c05b07e64ab2a098568a9f055bd8

SHA512
24162144a8b8d00a9cad4f7d6cb161f4d50fb8b9d4fc5ddb7a5ef39895ad291c8bedf4c9afc095cbf6798d204c600c8d8e397dadca31974938823946a17457c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
600b9c697863a7540a300f88837762b5

SHA1
8cdfc6d9316f54bec1309ffcd067210445979aaf

SHA256
cc68a8b8356599d1c3d09a2617a4c0aab9e9a2722e79344b01da74f3656e3b4b

SHA512
bbf8599534e2b8840e618143379dbb52b6a671c1a2cca1b0934ee1548a56b91cadc9e3080ea71034b8fdab1093bb0e6ae80529d370ec36901c4e474194454e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
11936ee5a4fbc0d93750f80cae6d7d04

SHA1
768798dcfb310721be2a5cdee20b333d7577819b

SHA256
3814e9fe83b74eba8783489898760121e19e1b174fa7b38fad3ba324b29b1a31

SHA512
4f0e266e8974d341e49cb4f89258db6879d6d79937ae69b74d2b567f1fe25a38cc926eef9a1a13375b8ee9df7f997f17ff41a71bbefc1c0fe8e520e9b85c7d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
b910adad03c04514213e030c535ac4c0

SHA1
0280bd0ebcd1766252712c0b1b0df5a6d1d06ad9

SHA256
308e668d2dbee6a7b257bae9e21ed196297e0944da9fd8537f169a2df68c73c5

SHA512
5eaa34873b75f26a4c8fe59e5b5df1003792baca2ccab9d13c127de5f7d0390cf31bfbfba392a2a4322544a7a857429b3c9fd91f2d1fd1d773bccafe2de1159a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc8848e76338f5c41215e63766dc45ae

SHA1
d8097d9cb8ec7e7808a89ec410c0b78f39ec9e12

SHA256
55c307255ae2b91f9f711e723de1edb94a41859cc922cc41d865a09a46efeca9

SHA512
2821c027f7296b692a903b1a5d2baa354d11ce06d856d7e4d857724258e3c3cfcdab40a22cc810277de724952071e780d9cea321fa1a940e077280d8e53a6661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6bd764dc2bd98a62c1698f016c58b328

SHA1
3aad68ee0e19950c568a5e79aea0524c015ed372

SHA256
679b6d6e58704367c3adfdf2976ce0d9bae6fa690382cbf572c5f85cd9443ef5

SHA512
239278dedc3bbcdc355da09fa197411ff0dd8af28260edd83597990cec854b8d90181f842060db4612a22f74a4110d15ee1bbf90986ea75bb7ec845eed24d6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c4f5afec876da6a17fce5e29efaefa7

SHA1
783bb9c6069875fabf235a803fd9fa65c390310b

SHA256
9987e73b0bc39790c1c8e9bd334e9df93eda3b85c59252ea399ef482a7287269

SHA512
6b508c3554ae740fcfa85a10fec8c2a39d71ca042260fc18805fcfa9ca7d8f7ea80ccc7ed10cfeaeaedf5d48b3bcc9c716972087029153089ea6aed0b61338c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
98e991b8c7e8291e34d6daa29524078c

SHA1
2821d68ec680082e01a765297cec85618276a903

SHA256
5d8b6644425574f17f88ab2497eed1ed6f0578159c50d0705f2ea8d24fa7886d

SHA512
2307531588098cdc8ee2e6dec22c497bbcf44d04b1efb1693b7fe9022a12a02bb95da6c426f82350d8a9c31da2f3702463dd50b65a0023062501ea3fa3b90105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
72e37ad32bf6b2e3a3b63be6997606ea

SHA1
d40caf505c34c859f88ea74dedb4574f0cf7d669

SHA256
39e04b2ebda68751216e82cb14f2b44b59e834b90ac2346d39e56bd9b12a2e77

SHA512
998c6dcd8e6502c5a95c564f5a17eaff5e90a8916402207f3ae8070bf022c3c59dc2c3ed152253ec05852f912f219145596369ba73ac4487f95997e9d4e1342b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f5fdacb9ebd3420ba8a15c7a847febef

SHA1
e0bef40b8aa1f56b19777b100508223dcf07eb3d

SHA256
9d9e4908c5d5ce3711491cfb78e7bda10ee7316a3057b56a751104312b19f801

SHA512
a0cf54f9c0a8f89bfc89c29781f28c1f104e878c4eb8627fc9579f4cf51497716116369c037c3478015aa686d49258684053b67396b08ef2a68fdf3a6465d33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5e0a35a278a7615c9652156ac4050603

SHA1
69e4ea630a15bffb4f61abb38114539340594699

SHA256
4caa27db8b99122fc822a101f8a1e31c6ce1e8c3a74bc22eb834fa60f697b858

SHA512
b3367d01d0bbce04fcfbd2df4825a022109446ac58d4c57f751f6231a1d10e1abb57a1cbfcd2662f97269d0c336ee6d6d3cb029ba1000007e4dcd682420ec268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
9574cf1e3edc955b947fd3f018caa93f

SHA1
d1224b907002cad9a67106934464a93e5cc80f76

SHA256
c800217786b7e543d08420a24669dcd1c54444ca20628e2734846dddb5584509

SHA512
2340574a50a26ff1e365b46780977ef7ce864e25ae0c63e4bbfea58ad3bd8e0d2b559e891ef90870aafb92582ac609a12081abe7f5bfc0eeb6d246198cd61e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
7f46391c555954d0b9a9ebf13c765ee4

SHA1
d275093366cb10db7f0c4a22f3dc58bfa777651c

SHA256
01087bfd1517b9256ea021c71e19802ac435358d44a03d90fc9a3d84c483c475

SHA512
e7e8b2c34589699b9a31db8cc2f7eb8a091aa2e8019c4e4e189dbaf0ded0ea2cf13faf5c47134a2d6eb108b6617bd4085ab4612601901d194cb6b32fc3ccd592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
cf971331ca856496d3d9fb320ad138df

SHA1
e28913ccc219c635df136aed9ef238a216ba5103

SHA256
9efd228b30bbeb4c0fe374567fbc51ec07394ccde93337513deb968fba7a54f4

SHA512
af825586a57d1a7561562ae3f9979188885fe5d7bcd58ade365b653e125fd6e2b354c52d5866d5473466612f8a1d6366a8f2a00502ed1167a7eb6b6e2ba84a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
60c227ecba19cb37688d3c75342fbf5d

SHA1
937c4b459120b2d739dace1b88bba070cbbeb877

SHA256
aa423c2171478d228e791088881e987ac9a7498568889c2992bee94f318b4e8e

SHA512
6e05488cdd11f3f5baa52294e0538b636ffa7ac29a7242160550dcbace9bd735e3a46886e72e24fc08ffe5f1371f5e89930ac75aa30a9bd0fe8a15e9c99eb732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
7f5270476e625fd970f619c31a3a6d57

SHA1
150884dc04276997628e729d7b1e9d9e5326cf72

SHA256
aac780ed9a717081ae55068276dd29aac872d15d8df6e501bb3c2df854e527e8

SHA512
3ab55416a11fb1347474dabe6c5d663babecb4df820fccccade548c24cd3debb1f824cc0514f093c180e095b8986affa56a489be2b3d1fbb4df4f63d3d5b20aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a94b0.TMP

Filesize
101KB

MD5
24bce5b65f94ad33ad38310b7449f156

SHA1
0378227b36c6556cfdffcf960a8aae3e905c6b68

SHA256
fdf269767e3d075e765f3c7a467a8c4de66e4f5623fd108492519130bebc49c8

SHA512
009ec6cf25ec56acb7d0248498e77756a4f861a1946361a60e16d4bb4fa123d0ab0f5b58fe486941745e18de40f57096ba393d3fcf4de6cfbf77695652c4bb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit