hxxp://studio[.]youtube[.]com

Analysis

max time kernel
1800s
max time network
1686s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 14:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://studio.youtube.com

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "17"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577498924401414"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2288054676-1871194608-3559553667-1000\{132F6118-22B6-4411-88FC-C8417CCEB049}	chrome.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
4084	chrome.exe
4084	chrome.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4512	Process not Found
624	Process not Found
1060	Process not Found
4660	Process not Found
1248	Process not Found
4924	Process not Found
2904	Process not Found
4852	Process not Found
2716	Process not Found
4336	Process not Found
1232	Process not Found
2584	Process not Found
388	Process not Found
4612	Process not Found
5052	Process not Found
652	Process not Found
4940	Process not Found
4928	Process not Found
4244	Process not Found
1620	Process not Found
4588	Process not Found
3800	Process not Found
4796	Process not Found
1112	Process not Found
3704	Process not Found
556	Process not Found
4752	Process not Found
3224	Process not Found
940	Process not Found
3544	Process not Found
2540	Process not Found
4552	Process not Found
5004	Process not Found
4564	Process not Found
4788	Process not Found
1928	Process not Found
3684	Process not Found
3944	Process not Found
3300	Process not Found
3712	Process not Found
4404	Process not Found
2272	Process not Found
1440	Process not Found
3360	Process not Found
1132	Process not Found
4120	Process not Found
4260	Process not Found
2084	Process not Found
2348	Process not Found
2588	Process not Found
3628	Process not Found
4488	Process not Found
3744	Process not Found
2300	Process not Found
3788	Process not Found
3784	Process not Found
3848	Process not Found
3500	Process not Found
3844	Process not Found
3920	Process not Found
4196	Process not Found
4040	Process not Found
3512	Process not Found
4188	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeDebugPrivilege	688	taskmgr.exe
Token: SeSystemProfilePrivilege	688	taskmgr.exe
Token: SeCreateGlobalPrivilege	688	taskmgr.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe
Token: SeCreatePagefilePrivilege	4684	chrome.exe
Token: SeShutdownPrivilege	4684	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
4684	chrome.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe
688	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2624	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 2452	4684	chrome.exe	84
PID 4684 wrote to memory of 2452	4684	chrome.exe	84
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 4104	4684	chrome.exe	85
PID 4684 wrote to memory of 3640	4684	chrome.exe	86
PID 4684 wrote to memory of 3640	4684	chrome.exe	86
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87
PID 4684 wrote to memory of 1040	4684	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://studio.youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e66ab58,0x7ffa1e66ab68,0x7ffa1e66ab78
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4156 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4316 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4076 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 --field-trial-handle=1968,i,5418095425117434454,16905007698898271535,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1920

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:688

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3908055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
b92505cf95e85ce71aead89a66eb9d12

SHA1
17b15302a05ce926b6d6fe9ab25925f61577e6ee

SHA256
6b13218bd275ba934612fda99665f4b3bcf6e62859dbae63d9065e2c5d1204c9

SHA512
b59106cfd2ea2f40cfe28f21a0474d29e6f0738cf77c2ea67b6c6342a6a8ce7b48b36af639086e87bcc25338db4e8928158fc2245853728d3e0cad2f0da245dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ea33261827c35ce09321bb1b7bdc327f

SHA1
1a741aff6536608fc7a069457cb90744db8d1e22

SHA256
0f784bb32e6625bd3ade0c7a405c88726536c3d3603d253e69720aca3ac3b9ff

SHA512
dc538e5eda2a0326f6aa4739edd1af5c9e81d101b1a19f51f7b17122fa7f51176c9e1fb8187d5b7ed2278a2020c46a717febe7a19b66d7615a967fccf8dc62e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4f7361e4b676a0b3de71e5b529a8e130

SHA1
e9911c30acc76c95579286e833be5c293ef9c5ac

SHA256
de308a62b7316891184299786c9f5e5695e9c4dd15181ded150bfde44328880f

SHA512
af46ba5f27673a866aed5752f9848527cbb015904e60b38f265da9b88b41da7518a74a13fbe2b4512b06c77f6b6fd07b4c5ed74fbcd0ff032cb7ef5a499301df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5d0b98ebcdf9fb73152a455ebc1bb919

SHA1
04c231c2ccfef2a85389fb2afdfb86faa8a366ed

SHA256
295eb9929020fe8a2dc7ff0ec51e3da4facc3daaffc2bfb58645802f9c13a986

SHA512
ba9f960e3731926e215a720d8a58a52205cf206c9f547a6c7ed3e71ab592f6914afc0d05d86ccf51a19f0f07f33b6a476192a912f6c528e19d3e5ab8e5f12b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ab9a7bc7f698b199ce2b1c73d87badff

SHA1
be8ff589a279ff20d91d5b83aff15fb22a573d0d

SHA256
52c7f30e95c9f906e21c9ae0410788ddf3c740ce7e45eade33823659350ac4f4

SHA512
64bfd09ed2647b647ef29c69923067e0a77acab48ce72d3a8cb10dba567664fd0023c7f76d2fae5f83709beae5f33b0582030f366b6f2ca0afd5a08d4165d806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59dd7bc722a45d20e657541e100a1fc4

SHA1
405f22ee116dd81813288ccef6f49d33a27aed3d

SHA256
855d2ba1aff1240e0bb3113727e00626b3b69dc2bb36db4a81f5b60192394852

SHA512
326583551f585799b1f1b259fb7ebfa67231229d1bc22a1ef45b395bb85c916c88116218d30de3fcef35566d59e982c68684851c54469ae4b95937bfdc701443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
66fc472bc53d90746f7dada5c4b0c100

SHA1
184d5e58e18d761fa877d3e0ca587a1a98b8c235

SHA256
e32487eadf9a7be5cfa6e75f690c3b9a9312fc77d519a5337b33b36a0fc60d8c

SHA512
a45a538f7da0b2dafb4c14d8a3a888000108e86aff0259a43c9040c211b13648578c358cb77990c77b098e2ca968bde37dde96f5c7e3d76ea90e6e2271324cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7ec916e075fa06630bdb935a40149f42

SHA1
d182b679c61957de6a1e487ccc5b6d07012d3af3

SHA256
c357608df2b88bb9d3a9a51971f38075f5bada35573248f6516dcfb4e46cdc67

SHA512
8fc07aa08d9d543407f7bbb077d6536692948a3021d8fde629b8cd4d1f3853adb7acabe5d8944a9f59b0347e1190c5e439759c719d771aab60364ae7995c29fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3745a693b495b5adb3a6efec8904e108

SHA1
8c63031244f746d9c340bb6f3d4dcfd125ff4b10

SHA256
f245b1d73d239d520e04a43dbd31dd24b4b909cfb29a6bd82e143476d95c6477

SHA512
f053badfa8f398fc621e6308be2dbb9b067c8533d78432d1aceb159f6d7099c5a0afe0963af5a0f62766efac2dbd0511ecd707033191b36cd3a1dab9f27d7a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3ed9f070ef7c69fc7784bd24313cad2e

SHA1
294ca5aa624bdbd99d80b744187eba0394d3ebc9

SHA256
a52013b5b31c716f848327fbefe6fb19d72f7bb0f85ec8fdd077cd6d2e5ba3b8

SHA512
0055e636959526bcb6703621cc1ac984f7c3da131f8e2d4deb13be763962fa1499a42302caeeffe681e555f9eb3bfe23ea717457618db770189dade93dd81d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
f29614b747064e800a2ba5302ff3c67e

SHA1
fc2a265060cbc30a14730462bf93ad2512b9bcc3

SHA256
c6e495e57d356c3965a97e1e1e3be75233bec3ff93e9cdf85e750d3f7915c394

SHA512
617629559e2d748307cdde0d8cde98a4a7b7f6826894b7d94653728c3ca30e08436b2e1e1ccb1862c10150c35fef2ef64df7975ddd23a646534fc4c9a4d8401b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
1e8d256e1e0078f9c711e785a51bace8

SHA1
6bb37eb536ddd53ef81c65b338faad040dbd9631

SHA256
973ae960fcecb65db577abd089095da4f810f0ac3ca42525d461be37160f1926

SHA512
ab494b9e3227eef16a4c7c1a075aa51580bd4a1a3f32924e4137d71c2ae39f4408b5105f6244b974f5731348fdb49b265e9eaf8572102ed5ac6f87144d1d059c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
30410b4f6652ff18aff7e33f6b5fe494

SHA1
271b5f6d7e73327c36d9e6d88fb67cab4022f3d8

SHA256
3387dcb29ba328d51d70ef15925986fcadf0edfe1a8ee8cbbdf6df41c5ef0793

SHA512
ee902f6a8afba7c4f4413cb86c0845b80215d4722fd4ce670559314c9e5efe96f8b9ca1f67fa93ba9184945c5fe43843c44ad9ef9304eb4eee9a492be5e9a85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2e7edf27dc0c222a74122a946778b91c

SHA1
a63d648c08eb1d021854f1aefe09eaf4d1fda896

SHA256
7191580196fdb87494ae1881f70382bc464a4e49a18110b88b2d008c365ac3bd

SHA512
641af9101ef5a36994ad79e03445d28572c3a6369778112cb2165977504aab58aff186df4f88b3be832c5ef436716eb9506599698bc212eff9a32250dfcfc9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a6fd3e9b25c79ecd067c20291f262cf6

SHA1
908e595cdaf8fcda4b352db773532c147a8da996

SHA256
b3b57a69b02813fc8e47665cfd034d6fab5026b38a013369a3d693c251b4b4e0

SHA512
e980f1cc1b11ec1596dad6b1dd5da2a3d31e577a4969a31daf14a1754e5008024128205a8fb9a478de8b550267821130c411623c31ff84bb31a324061e8885ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
d8337867d1c4a3152a1eec0fbd89f1bc

SHA1
02dd1b6c10ab2c8fe4539cf70e89f5af259e511b

SHA256
acfc30b3479e627445b65ee596dfe21d8d7f1036fb452029fa7e44c989c4b7b3

SHA512
30892378be2250a4903487d7bc162551675be99fb55c06ee45d2bcff4a87de376f94839feb3d505765794ace402488572a24169aa2a8972478bb370e9df01064

Download Submit
memory/688-69-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-79-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-78-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-77-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-76-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-75-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-74-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-73-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-68-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download
memory/688-67-0x000002A4B4480000-0x000002A4B4481000-memory.dmp

Filesize
4KB

Download