hxxps://url[.]us[.]m[.]mimecastprotect[.]com/s/5lfUC5yomPSWXz0hzH0i7?lorettajanssen=ljanssen@plastilite[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.us.m.mimecastprotect.com/s/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608229768495916"	chrome.exe

Modifies registry class 28 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000008065ad35d697da015ea83175e297da012252d629faabda0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
3500 chrome.exe
3500 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

chrome.exe

pid process

4460 chrome.exe

pid	process
4460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4596 wrote to memory of 3628	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3628	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3064	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3696	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3696	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 1200	4596	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.us.m.mimecastprotect.com/s/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9afafab58,0x7ff9afafab68,0x7ff9afafab78
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:2
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:1
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:1
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4488 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:1
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4092 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4644 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3348 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:8
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 --field-trial-handle=1996,i,15211556162436045613,351496869017608874,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3500

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9c566ed0-24f6-4cff-aa9a-3404bdf0e068.tmp

Filesize
91KB

MD5
8fffc4bf0abdd3af4bd3895fa912881f

SHA1
9e08d76b8aee520107be9b660b8cfdc4783a682a

SHA256
231c0e05b3f9bfe97f426aae2ac8734206d1d737e7b2a09a429412e66e0cd390

SHA512
1e2175b09fd13ffac963ade5b9f0be8958273c146703360bbf1157f5e797704527031540b80dd9c6b68383fb5a1523dc48a47a7866daec7e42a6f9fa820d8e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
d0d0050f80ef252afde206c6dceafc3f

SHA1
f8f6f105f482436fabe5f29bc25999d9bf72a9ed

SHA256
fed134d3b5bacf9bf4d1e0183534aa6f08d9ad34b28d094f5f644f5fbca438a0

SHA512
80d80c51d193643068a010a343025d9a60961a1941ef77aa41273e050a8808850992b4543f3cbaabc554833eae8eca127cdfb1c9f093add2022f9fc5aae1b893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
130ea62058fa27291c3ff8eb388d0b4a

SHA1
c0555afdf674d23ad1a963a9ab73350f3408d973

SHA256
5f348b28412fc3311790d780e95941083b109a860491e23ca5a21457ee3c3575

SHA512
bbe52512fa95494db3d2e1658287a750bb9fc8938ad7be2a378eda85545c95ab605009c2adad11b0d3a4d5b2ba1994ae046b02771fb5519aab7167c8c02ae6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dd33e190-7852-45fe-8c18-49d336b4e212.tmp

Filesize
1KB

MD5
4d38679e3454867e42540c410a1a08ef

SHA1
2b182da0ecdd0b72093107180ef5adcfa5072cef

SHA256
b9a5a64cc908981684bddbd593000aa70692d6e702f3c0fa0373b4f4bee568d2

SHA512
0b943148d5f347b83bacfe30f3651df01a4d610812bd14cc83981f8b5fb7c534678aecc5a28f4a3f95a0b3625f33f8aa782a20a821ad225a4a55625921e04849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f6b1c442d05aa4671de292983909a71d

SHA1
80c361c4dd572df16f8bbf562f20e5b2f2cbc44f

SHA256
c3366ee34c7a4ea9a72c08a856afb121b5a97994bcf84af7ba1cf41a5bbb965e

SHA512
443ba27145836e034e8e68c0ff03863c0c846c0e9ec5d4e1323ec95eee61d05f4512df5ab4b880381ddc8528d92b1f7c57d7bbe4535ec5abddd1febfe14aa45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea977b8ddd8fee7c6835536a61bd854f

SHA1
775f68660bf50d2fb12a83e7f378671080b5f060

SHA256
84b9f5fe3fede5b2110daa1060b8e6cef1b26a4446f1a5201753033680e8df87

SHA512
d69b1bfa34a0b2875815db7b9e2a7812e4ec928fd0753b76b8e512c246d231c012fd6e1a8cabc0573723687bceac62130872a87dd180e028c95f160972b3bd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
bb50f8c17d0651364ae23df051267686

SHA1
0fc2d5e5952e3e4c8dde244f80f60a84e3fff711

SHA256
2f9d19c307113fcafcc985e34e3b11a4f011e9939bdb444b8c7a1735abc5c1eb

SHA512
d06570f55090334215bd015a9aca8e5edd65873b1448ed11d9d795acdb1664e4d633b7a8d856017150d6557fe83b16978d27f9c4dc63846f121c9d91a9f28cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
8fd36c769814545bd3b36be4900ff8e9

SHA1
c36a02a069f874a247ed2f721f3ae6175bc2576f

SHA256
ebdbad5e4025bdbc275c1e56d6cee5328ad5c4a5876878e391f39fe1d75730dd

SHA512
60422ee987bc233e6f815a15cc1c16f2a6d55acd17eba82d87951e3b3dbaf4ba44e7b7c1f716007d8b2aa0daf5d31a7108507714d97ab9b00bf2439ed7c818cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
132KB

MD5
01c3a624370e054205f19abf109fe1a4

SHA1
c56423c904428f4221520771e826237666fd88a2

SHA256
20d24de84275274a58f89d24d06969faf3e78f3db1ae4e050382bce7ae96e904

SHA512
84e34514481862d3c13979b374d8ed4b512c9743fb3e3a03f67e671d37f0460404395e7979bc5396fec61af9e559df56cfff61c5f5d4fd30a9085493ef037821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
bef7a8e51cbbecee26642ee6647c5358

SHA1
9e1baffdd494731966584858a4902b63017478df

SHA256
3528672025f1ed62936805fc36f7bd3298ea8b5374ff0c527ba126253db5bb04

SHA512
93fce373cf3ea04b1021a1a1a500795c7709bb2cf4f4f05c8b14570c701db614d2e9160110c2e52325910c6a3c91c47301b75fe0c8574ecbb94149c63fba7de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d3bb.TMP

Filesize
88KB

MD5
1bda05c56e611cf93dac483f903f09a1

SHA1
50b6bcbcfde43c7fe99c802a72fa85fbe56ea630

SHA256
fd94c92d3dacc9f5b080b6eec6e4d8e8b49c8c1afdb5163508eef72c01cb7698

SHA512
4dbe226866c05d19fe70bbaa4a3866a972ff595e989b21db364b1d6fe96140e3068c7ee251a9db43d2233159ecd30a1005c2a0d45b9f0173f6674c39fb262ec4

Download Submit
\??\pipe\crashpad_4596_GMLLUQZPLIJTZRVG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit