1361d2f268aac9c6373d1f0800155d798f03ca291114e7c81ba6a714474a7a98

Resubmissions

30/04/2024, 14:58

240430-scmmhahe5v 8

30/04/2024, 14:54

240430-r91pysbc33 3

Analysis

max time kernel
2699s
max time network
2695s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-03-27 162346.png
Size

355KB
MD5

564bd49fa90bcc9c2b63cb14b6dc6e49
SHA1

121b6908e87d879bc47bac081ea9977b9cf43304
SHA256

1361d2f268aac9c6373d1f0800155d798f03ca291114e7c81ba6a714474a7a98
SHA512

cf33a782f552a4367f4c08a47798ef25485277f62fe718c1ce492d934150fbfa53d0dce70e26f7e60f78172d1a4e141f81ad03c9eae59222429b763be13c4e9e
SSDEEP

6144:XYsDrmZt5DFKLUd6tuI88Fi22+xZ4jHFuURCSKXwo2CeydDtTvCrI2vUpixs68za:X6ZrFMtujSt2+xZ4jluJSKXwTkDlvyRr

Score

8^/10

microsoft phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589628086294334"	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
2380	chrome.exe
2380	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1052	1436	chrome.exe	91
PID 1436 wrote to memory of 1052	1436	chrome.exe	91
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 1772	1436	chrome.exe	92
PID 1436 wrote to memory of 4992	1436	chrome.exe	93
PID 1436 wrote to memory of 4992	1436	chrome.exe	93
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94
PID 1436 wrote to memory of 3636	1436	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-03-27 162346.png"
1⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7fff478cab58,0x7fff478cab68,0x7fff478cab78
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4436 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4424 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4540 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4524 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4400 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5180 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5284 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2440 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4296 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5372 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1232 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5144 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2264 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5416 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5400 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1744 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4760 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5044 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6228 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7124 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7096 --field-trial-handle=1940,i,18053302214930563934,15981454159020853569,131072 /prefetch:8
  2⤵
  PID:3996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2ce3dd0a-f79d-44ac-bcd0-e0b9a9bd43cc.tmp

Filesize
258KB

MD5
d682e88f2d3dee88cb9ca0b42cafba08

SHA1
2e9a589caa5b38ca47a45e228dd71a6c8423cddf

SHA256
5126b2cca8f69c47908660cb0a5e99b67f562c070d3025b722cc50eaae3fae58

SHA512
501a903260bb9dd9ef503d8373b567c18438f3e01bfee48452a2ad2d68596ab1ae25d3ff27f4de3caf389e4a67e421b68d5c3a20d04ad80b8accb03365e701dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9d18fda2b6c6c7a7b4598a93dc150aa

SHA1
861a4eadc5239c507b4b47a6ecabdd9881041b53

SHA256
7804b44129ad5bf0991535a386fb70754265cdf777e10fcdfe876de72fa6dd74

SHA512
1a3d7f84b681eee68fe60464bbcc184aef1500e5cc2f7f0659d28b733bd1508a01369922fc092fdfc6ce1b7a24e384ef6ffb75cf5d3126d929f55bf1e6812d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9b9e522c8af841b74715d1c707772ac7

SHA1
13831aa60047f20cb7c52cfc1e45a7690d067011

SHA256
a28028c98c28a9a9cab05a02b6c5e5fc3155001bd34ee071585dbcbb00dda0c7

SHA512
9a2a839071a080d3d46c8d1bdf4b23c8d955e351f60c9231fa0cb7a9176d235fcbf5ea04f946f3839d4e230d4b25fc7eb5f48ab8371cba01cbd191988141284c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bffd67d5-1758-4146-be5d-3d74e097c2d9.tmp

Filesize
1KB

MD5
0b1a6dac3ca87a717f4598877f9202b0

SHA1
f358010e11b7be2107b461042e3d07672f40bd52

SHA256
0674b98dd097a0af0debb047e8886a9f5dc71d47592d99f89cf6004007179566

SHA512
93565e3191e7ead0a7b8cda38335220fc1afe803ab46b15e99491cd15d4ed202716cc59def8db82d33119e13f3f4d63ff428d02bf4c74c4daa46e9376ca376ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2131882e0de3d7cf9aa499f0342f1ba5

SHA1
643a667a4a5cce46c951d8ddc286bdad26985cd5

SHA256
1aeff7ebab5d4a0d2ce096752ef7fcc5d2da82db23ed391167af5ad70cee7f08

SHA512
0f7f9cc27af828bd01f3a52681ee34893ff9c4feb0b279c08a003ebb7f836958a96a3285dab6d7c0ba4d31655025b9694cb9f5bec202235ca9c9e3f1f5805e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
450247b87ae678765ba6e841b7d66d8a

SHA1
d8673fe075bf78c4665ba3fefdbd1ef06e6e7679

SHA256
8854da1d2630664b2e49215e20b282dad79197f7731caa03288cf52590f863d6

SHA512
4bc0aafa263b505fd94eb5289694f0705624a04ef1a9a590730a2315adb5e4f611cedae71007eefae98108f19354873e3d56f20fd3b3c93c97a66bfe7acda44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
8e31e62e32e48951e55bef2addd98797

SHA1
8f0a3fe972845ca3946a3435e3dbc4033041b8fd

SHA256
bf2a5c5da92722be5423e3c4875278e87146eaf40feaf058d11c24e0596b8081

SHA512
87eb7bab7b884b7ae4c184983d7659d3b949ca88b48946114e6a58582714bbdc6bde55e7aadfa0f01c976658f7517561887b4b214ce74c82ad9714d8b5e133a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
48ab7c9dc831ade8aa3598577cd264d2

SHA1
d0c8b37a00bbd8610d2b06da284ed3561f063b4d

SHA256
a89e98ab49281ef7735812e4deb82b03e3cc30b4456878c796c8b4c53fced66c

SHA512
8c11378a05f1d13ce834fff0f256c00a63d2f484572040645aafc4f97a13772779eae159a2dc572c9c5c1b7d90c6f618d0fa0aa1ffcdddd11f9d5f7bffb2c7ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
3f11f0456764a29e22e01915e38b4db9

SHA1
4c60100c5146a67277f788883a4a64c9465bcef2

SHA256
b2317d467a8fd384bc90838402e018994b878f71b0a770377edb64c46ba3dee3

SHA512
132588758562ade31c940fa1468148e5de6106f2a9932e0cfc0cff182bf997c4faefc01a154d3ff5e88986926dbe5d67ba3da5d4fb65f5b918a5ebaee6c8cc5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
7e9c6c610e5ba076fa1fd6fd34b11cdf

SHA1
8774ef22598baa218dc253a93dbcd20f34dc745b

SHA256
b13024206c697a15dd8afe8f3d2323dab9ab56bec0eb4e445f3cce96277bcdc1

SHA512
efbbc61ad9b678428af4552699b85558784816bc018e8cdf0d64af92fcc3d0024ea6dd58574aafd54e140e47b74fbe70308a6fe20ac0763b6520908da0e182ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
fe4ef5c55d92d190da06053a46b508ab

SHA1
2d8e316ddaa7b64df20e9c2fb515f97fc1f38a39

SHA256
8ed4f50a60b002059b92c6cbd39fa0903affd9b6e547fa531500ba75e33d8603

SHA512
3cede6348af34f618e109ca78c4ceabd4283c8b32331fb0e29f4946e77042d8234e34387c3474fba839879d10748c7017ba50eab848bf4eb287810c431a575dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
80a3ccfe763f00ec891d73884f945d59

SHA1
64c14d4450918f1b78cf1af0066bfcf8b2743032

SHA256
eb8c11c8dcf6fcc9e31cf99327210731c92e815b2e3250441493d93f811ef548

SHA512
7b5898a245d38885af8d4002fd88bf2b541c772ec8f32ea8bc8c728f83aeacc6c95284ac8872519d4e0db6fc29fd59235c1186010b4b2daff481155b433a4cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
8fb40c26eea5eb5434bceb7ba2bb6068

SHA1
efa5d5f4b5a02affd01306fcb178a636b51e3a5b

SHA256
e232253c48385528193e696ebc1d6d79d40ac7401d03db7cb6179e038ebff271

SHA512
51cdea6e1aa976af80fe9e0ed8bb7a4a51fce05c57e937e93bccf270294a81944c4ee81c46adde217ed1fa2c5f31a2727f1b0e6e120cd69c0c15c8144cb6ab9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
176e3124eef5596b0018c247831de1e5

SHA1
62e14b463db16415f332f02dbb56587097e0e20b

SHA256
2eebb2b9e623922a07dcbd56d9dcb5860a73e98ba206dbf285afb43b7c9c6bb4

SHA512
f39a5f055d0e960024d935ac4ac7e2a4ff113d0a89caec0ca20a129b6c73111374177f57ecfaa8892c0285060ba5620e40c257e2900c71471f5276e082f83ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
62a49d13674d8c9fbc305d56b1c14363

SHA1
bfd73aa95d7c734dde7edf7ce2718649311ca948

SHA256
c11abd676de8f448941958c6ebbb8f44aa013e2ea7c29097e0aa0f352b60f4c8

SHA512
b29afe28796ed64ab6b91528aa326fc1e327280368ff9b7305255a9135d752c43b392d816ea62d2a3c3f4344f4f320f4dde7d1d8d542300f5c368df40e71ad02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588b14.TMP

Filesize
88KB

MD5
0214d25dedbf9c15ef3881adfea0c0ab

SHA1
e62c96275672b06c3e8fc5ef052f41790e91768b

SHA256
b8066dfc23c800ca874c8ea0db21ead8ba4ecedeca94dee91b972477bed54dd4

SHA512
88b94a0cb6db027d8a5f43c5b45f02e3b8e1970323f63b090b57cb9e7d298a06735679769b8815e4e56c0aed9d0eb62115e227c5f529f33f6cf41f907e0dce2b

Download Submit
C:\Users\Admin\Downloads\MinecraftInstaller.exe

Filesize
32.3MB

MD5
cfd9316537bf9aebd4c98e4939085948

SHA1
2b2e14d098308c0204ab57f4c6abfb230ae19762

SHA256
9c00e8dd5a6c9a8d22a4ae2e5a8bdeecf73b7ba6dbe12e787e5e8bf9bbb0c1c9

SHA512
cb9fd36106b915811bcfaaa4359ac2cdd8caad562f4954b9cc21b09b60111c0fb3d2ce06714d0de5339ca7fd62cc658c494b873f4a7062e309746e6a92552975

Download Submit