398c45daf283a0bb0a57696cac3c2f67fff96d5ea5f0f53a6f1dd7a693a0e22a

Resubmissions

16-04-2024 10:41

240416-mrjaqsab9w 3

15-04-2024 18:03

240415-wnfj4sfa2v 6

15-04-2024 17:57

240415-wj2xjsce98 10

15-04-2024 17:53

240415-wgfljaeg6s 10

Analysis

max time kernel
1799s
max time network
1689s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
15-04-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MainMenu.rbxm
Size

14KB
MD5

570b9b9cd36ee573826296c9c1e24dea
SHA1

69bb3c2b05b2043b53fa2fa25f3c227d3b3c7bbc
SHA256

398c45daf283a0bb0a57696cac3c2f67fff96d5ea5f0f53a6f1dd7a693a0e22a
SHA512

6d59a8fed062a7a95ddeab579e21f2eda37c9c9a635be657bd1122fb57498f20a18deb9fa3434c4d9dad62bf85a1a9a1751e5e21a7a0403863039edd51a39a82
SSDEEP

192:WkV5Yqitq3KfkjaGRCNkjWKARcZizO9Bpy/nw8vJemQQJ:pDaiLRCJKocZiy9Py/nLvJeyJ

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	discord.com
86	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576778613395934"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801878912-692986033-442676226-1000\{ABF51E06-5F0A-4193-ABCD-00A34FB52D1D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1980	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2064	2168	chrome.exe	87
PID 2168 wrote to memory of 2064	2168	chrome.exe	87
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 1468	2168	chrome.exe	88
PID 2168 wrote to memory of 3532	2168	chrome.exe	89
PID 2168 wrote to memory of 3532	2168	chrome.exe	89
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90
PID 2168 wrote to memory of 4872	2168	chrome.exe	90

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MainMenu.rbxm
1⤵
- Modifies registry class
PID:2768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2eafab58,0x7fff2eafab68,0x7fff2eafab78
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4356 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5008 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4356 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5108 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3372 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3300 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3080 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5148 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4528 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3920 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5840 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6020 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1144 --field-trial-handle=1792,i,376143600207149371,676288296055008058,131072 /prefetch:8
  2⤵
  PID:5100

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
40KB

MD5
0f81b6d61de3f11df96afa46fb362f45

SHA1
b73925c797fcb5e23b0e0495ebdfb629d16f26e4

SHA256
7171337d694e449b8c4923733effa4185a3eddb330b96e9fd0e4e3497faf5364

SHA512
1c97e4e7357d385613f05f7a16439c25614d553cafdbd18a197c4a369726ec28b372ec6bed8b87a968d74a2585e3c999da9799e6cf558fa9ce25f87010d0e617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d8cb170ee0cf31ef293b9b39e8fdfdb1

SHA1
d139e5368504097f6ab33e90f0c8d31836629e2e

SHA256
62d4ffd0de99d2cf6feb0c3fb5ca2383d2fc7c1c21f90c531d01ac2818971ffe

SHA512
30eb06c5a73a2664f4a16c34f8ef9038f36b40fee5648e5b0d668da8aeff55156870964cec76a8b2451b71183b7128a33a3d24be8d9bb09085f315a4c5278501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b20d377f5002c9625efb4d1677cf4f88

SHA1
596b90d91499968c3d5a740f46ce27e49138b014

SHA256
78d73b0867ce1660e992694cb66b5b280dee2e9bc4a451f4ef663cd10f5c912c

SHA512
a9e24849ea9c363148904c0b9402dfab002f20b9847c9bebdcd95fcc0f82f797ab2b6988a6c32d912e6daeafede7cb07b165ebc132ada420d058603dac190ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
9922bf67fda7644622562490f07aab90

SHA1
a04ade56086f4b9aa48086e9f017f2d0c86d3bda

SHA256
e155e5d652e9c114cd4e73ad928b566b5f5e2df663cfa85ba276784d7cbaffa6

SHA512
9797cc85e64f7ebd0c367d1699f9ea6f84f0a845aae47b387970664a97743c0f86a8634e87208c2ad463b6f9d3c90016b0c8a106983dfbc90f548be40e234b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b698a466c297b26fe1f9678fbbb79d58

SHA1
9e3acd3eab51f797d6341d538aec0fa7af48ff27

SHA256
36ea1472c74ad836fbb63bb22a4168754daceff8777be95f330eb8551b7e0db4

SHA512
2f44d9fba856c90676d82866a67b35bbcfa2191d4bc4b9af617b97c6df9cd3a13ed99cfa666af3b22d28aaa0df389515882de060f99f3c6feac19228e156fda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
95b6e417e57a9ca9f1522eadb08128a7

SHA1
1a4c8eb932fe9afe8e8d3eb100ebac73b7b26d86

SHA256
4b1c248ac2a7abda252a853e0a04fbf48786b5cf798edcfe46f4e6002c626478

SHA512
b0acd7ac9bf94318cba7c10eec91a52b88760b31f87e0f14decde3a7e179001cc5756ee3d05324d3fd88d351158d5c2aafa101a629ba3db42d6f01d6cb6e3f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
5e78ff70e6e543d18a5d778a2bb1405c

SHA1
e9de689f7eb3404f41d98aa1ed253e6ac02f99dd

SHA256
df4237db7a9836bdb919ba13f4d2d822e88d95987d6289bf65f98009be2f35ce

SHA512
206aa92d74cf5828215e13aec6b04714131d3b7457c6a4a5f293ebc746f70862c28bdf6f7cd5941b6c21d4ec710a894bc6a8ab89212a0081ffda10b3bfbd0614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
3259e700eb462f487100777c5c66f517

SHA1
2aa1cdd5e467f521626363554ae0f9bbbfdeb187

SHA256
8dd7cb2a0b89a2c0d3be49eedbc1b27e2ea6b49c1f7a208803eaafd24ba72947

SHA512
03985573fcff680b83cfd9f22a4f984369d6427201da8e6189978f5f9245028956b271a0fbe570a5ab6b50abe337c839b51eb031d2887e9a4b3da3039bfb8c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
f3f7cfee98c02c11fec514ba587b0c2d

SHA1
05775cb046bc4327dfe8471a05b91a920ac63978

SHA256
581b25a8a21721e07c2646bb1dcd27a01f2411b8b7b82e27750f55005eb1cba9

SHA512
c05a77099cddadbfb2bfbfaae4bbf7ebd1ec652ebb9ce1f07ce8c230f6facbe3048e8b27dff0bb5b93dcabe11826220efa3a42b37cfe57d88dd185fcae6ba3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f59438c98b3d497921b0f60740796d8

SHA1
ae3cabcdb08eae20b5c2d7b8e230fe38d2256707

SHA256
b7b97b4fdd9df214b315976ea21467938f45c83ebb6f9ad9d064801233b4d1fb

SHA512
3a730d3023636239220e07328009b48b32e86888daacbc7e4d13258d49d40830f9df6171944d63cf1e4c6e6faee8560d743500ef65b317b8d93f380746629ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7b5ae112ad34ff3d6ea1d88a4b05cece

SHA1
37021d65488a12fa31795dd7056dae43286b70cb

SHA256
ba58dad54ece62956f04dc827a0725fbbfde876fdcee44bdb76acf6f6bfbec5c

SHA512
19d53e7c959c0d5d85b0747b86c5099907804adc3474aafee5d01a58442d43fefce2d65f3fb256716d540215dc40e1724333e443bfae9293ef42e37732c3a879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
99f28a5ac66585f71d96b7b83d9b6102

SHA1
31ef7463f0ad633edc9301b41b1f2c5adef1d33b

SHA256
e9b45164ec30682567284945f29fd9e7c5de7c3a69d52920cc48424e7e386b84

SHA512
dbb60f596cd42ec3caa7c20091a31274d4b89c2a346d1bb95af828a8d3eda7c24b5dea9d368039dc6fe9d5d85c5d83ff36f5e7a6a4c74f37a1f232895f7c651f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
632391dfda80e551f1f82027e1dac477

SHA1
47f9fb71833ff6f70719b6d9fd215d634d105d1f

SHA256
60ce3d0b843252e461f7d80f349d36b34e62516c8a8c6ba7f03a5423c805f9c2

SHA512
70c9857dfb719a01044d289479a05948ff2ee4d58252735baa6bbf6738dbfec8888e31e7615f94dec78bdc341eb7e43848d3191d56ac8c26598dcf44c29724f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fae7aef051a4b72a395a0bee78283374

SHA1
a684d5bba8281ccd12ab3cc985cdcdfec62be27d

SHA256
bdc524217f600d7053fd3a7ecd5d88884e9e677f5917bb97bdd6fb975d88ed8a

SHA512
f4bfb1531f087ea81d6cba0964cd7373c0ee36eb6f1a20347c1df6705ea0143929e22b5ef4e2c3e2f7a073395899494e3f3f673151f4cd10cc786b32ef5cd0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c27d047e355995bfb5648d4edfb38345

SHA1
ab985609e70aab30c4bfb8620f7de913e7ffeef6

SHA256
8706ecdce9695fd4eca1141ce5451de7eaf0946615a5ce23bdaa0854eed7b906

SHA512
2b9eea68e6ff67d141607546fa6d85f6d57e00ed653816b18eb1aa7fa062484d9e4bffed8d4956911118a9f64a963849655a71fa077d578821978de4af0dd6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c871f32110a50c58d97dfae038a6633a

SHA1
082400a4bad0f4abf8420d3009e5c78c1013e051

SHA256
24c54e245fac92d3244c69e13fa7828c9d9679881be9fd543f064ef0beb1311f

SHA512
d925e32541f5eae7225d6f7eaf1d773c0cc1a84a568e302a8306f00cfbad2795d9a3941fd7eeaa27221a1624b8fbb30cf14b53b80ab33b62d5801a5cd57533e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
e61cab8ddafed92c30cf48f75d5dd736

SHA1
abedeee5183a4eb7d4e55b13f18fdb6b4cfafe3c

SHA256
555a6250382f1a85f9d951b3dc22ab005ce6724f091af058f6729b572b2b1439

SHA512
2b0b97881102ef16d4ed4dc611e62ace98d190ca0a601b3a4f76afd8dcb06a9e3a3528f6f2657d08bc563cdda2b6a1903c6eeaf9b745bf4dbb93b55953be0556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a22b.TMP

Filesize
120B

MD5
f4c0f9e6e3415d66f0ba64f26af41f47

SHA1
7579296a3868665940e18055a7ece51ec53f25df

SHA256
6edcb012f1e086eff219ad60b9565347eeb39a7cc04e622f5a49f9b9a042b154

SHA512
2410fadbf4f7d1f648a3953a87d4c62d2c37c0c2f2ebf3e1054c3d9af532f61efe33ca0ffae317cd7d84fc9663f8d503ec368a2baaf046a910f48a2c3eb6352c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
a67ce18fa91c1c353a5c9f597696af98

SHA1
f97f95dfc9d231d3d3983701e5bc5aaac2930a29

SHA256
eae6d286b1c6ca844511621c75ff9226f9428034ebf373e8d8549e5fbf761c55

SHA512
0140a8e06c981a5c41f6eb95b82fa71c8c7331ab8c6b021645069a8f52fe9c74d25a29900e98ca2d3489b59a054b60158bfc8b7f8f95aa154182036924af88db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
3d2d9d6f16262adc8e6de31ef1ccbae2

SHA1
8c1d0f80068b3ee0190aee3e87dd30748d45deb4

SHA256
699c0d8a8e0702f71e7fc06a9d60ea9f171443343e42e7ed50fc2176f2f51d29

SHA512
cc64bcd69c9a9ecb3c2212872411b0bdb7825df8c1e9dedb3058606e96acffdb4349b823a140809ada8ddd413bf00745945fe3a477501a94bd69bd2f62705115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
4aa499e081b44dfad61715085c00780c

SHA1
d544c5236d30a7ebaad65b950791082dc4e03b1f

SHA256
0b590ba4de683a1242e3a6b0fba5a2c6c6c9b9bed6642b535438faf864205596

SHA512
b27f0c46400413fc516a34a37eda252294d491e740ed130ce7bae81a56ea01f6e8d631fed14d3e8caec5f2435f13643f336e8d6560dced2a7b76f5784fb28bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57df25.TMP

Filesize
83KB

MD5
9d9d0641f3ffd80bbe1e1f4da0510bb6

SHA1
e324746ba1f7dce99be149ad88ad238b1103fc0c

SHA256
54c2003aa5c4e62dd41b79d701848f077e1b45404b538fee6718c27f3cf6b866

SHA512
887eb6e66ca916932fdf0cfbf0c8f84aa99a48dadb837cf50cbe1733f606558c48e997373b5e2023084a28d4a01b1aaca08cb14a9ef8e362230eb032aa4d451a

Download Submit