f4775567ca9941b4fb3224d97b0741ae669eedfcb0d8b3c71106b21bdb1aee28

Analysis

max time kernel
134s
max time network
132s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
25/05/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Optimizer-16.4.exe
Size

2.3MB
MD5

9352623ba2fee1206079ce3d81bf0132
SHA1

9c398c2d975d82ba1e46f3bcc0e6298a2b713b8d
SHA256

f4775567ca9941b4fb3224d97b0741ae669eedfcb0d8b3c71106b21bdb1aee28
SHA512

a38cef70819524a3ba8d7583b763da3fac71a9b67e832165f14f60568f7a2a07f67418bb7f7a544b32aa3d76a4fa9a6b142a3998cf362a116171ed4fae05187e
SSDEEP

24576:QqsJmQYTZZ4GKTnbv7DO9JvvEC8ZJC3Bjk38WuBcAbwoA/BkjSHXP36RMG:QMH4VTnbv7uEC8Zw3CSA/Bkj0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
21	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611333472783099"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
936	Optimizer-16.4.exe
3992	chrome.exe
3992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	240	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	240	AUDIODG.EXE
Token: SeDebugPrivilege	936	Optimizer-16.4.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4388	MiniSearchHost.exe
3664	osk.exe
3664	osk.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
3664	osk.exe
3664	osk.exe
3664	osk.exe
3664	osk.exe
3664	osk.exe
3664	osk.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
3664	osk.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
3664	osk.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
3664	osk.exe
3664	osk.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
3664	osk.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe
936	Optimizer-16.4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1080	3992	chrome.exe	90
PID 3992 wrote to memory of 1080	3992	chrome.exe	90
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 4496	3992	chrome.exe	91
PID 3992 wrote to memory of 412	3992	chrome.exe	92
PID 3992 wrote to memory of 412	3992	chrome.exe	92
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93
PID 3992 wrote to memory of 3036	3992	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\Optimizer-16.4.exe
"C:\Users\Admin\AppData\Local\Temp\Optimizer-16.4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:936

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4388

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3664

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1795ab58,0x7fff1795ab68,0x7fff1795ab78
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3852 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4564 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4140 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4612 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4112 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3280 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5248 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1840,i,13264557551217792059,5836596465024321821,131072 /prefetch:8
  2⤵
  PID:5088

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Optimizer\Optimizer.log

Filesize
295B

MD5
9951952112367b721393b7ba837d3acc

SHA1
a9640cc2992a79969966df614c302e0a71faef7f

SHA256
38f4d9a74e7fd1048d0cc86f06d3fa4afc7d808a84947c9ac0acef1d8968111f

SHA512
9493171a3ae6ea79306e2bcd4183dfd4cafc03d257f5c382ba30f3a9fe61267504536e3519c2330cd32c41d22f7d650b0c8298945bd9b01f4abcddf6349eb20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0effb0b1-750f-4c56-a519-fadef820b2e3.tmp

Filesize
7KB

MD5
3d2a14c9d55d2dd2763d4eca5ca842cc

SHA1
cadadf5f701d46f83f5fb13515f31d6f741e3e2a

SHA256
b39f935ab08b7c181bf2a1a37f9e311e3486e657be4bd9de06b4682cc8276922

SHA512
4305791f8f19b3a81259bb5e9e6edaeda3264b768a4d416ef37d683c3e78c3d534da2933f3c8349f196732ca1ddebc8b673d0dd519a42bf9a6237c0f71c5f49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
19KB

MD5
d41d72406bf403e2a2d1ec60ef889531

SHA1
3af9e732d1366595da6737bd0f943df4704ac4ac

SHA256
913bf99a86dde22866e137811794ce0a5737a1741583c2e06483c31a6b43629c

SHA512
e1268f335a51062f1d59dd392e13730045cf0b4eac1eef48659f280330a0c280aa3d28064a94918acb3b1c6f6d53ee674f9ecb51eb0e78729672205c25f490ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
dfcebd2754be3371ed4066795fe44bcb

SHA1
83d3df6d63dc37333e54fe11a4df96cdb018d93f

SHA256
cedd3671f927f4f3653f743586025d0cc982c33633a83dc739d821acd094bb7e

SHA512
692fbdf1c966ab3eba27e44d6035ab36b095f5101ac4eb6d80e4587c2de91d1640846e488fd1684782c652ac555ecaf95b163714cc7ba7b5e1c732f4e19001ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
63e547081459a9b42536de9c92d57042

SHA1
ec3cff63e12c66e1216e2568b6275c2cc2d502f4

SHA256
1f91d8dc64497787197d12eebddb455be6eb1b4a5eac45855b5162ef5dc64a60

SHA512
1b56228bfa190a41064ae10abd4d52d778bccfbab8350853b532e63bd5bee00d3e014ea4a94b69fabab21b143fb52f7763a49404022d2ff98bce939c4cc56f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00eec72e7cbf141d083dc70a5efa9d69

SHA1
f3d05bf21a913e386a79604145ac2ef9bb3e1557

SHA256
a6d7f3bd88d8c113ee8117fe7d5fbaf525c8670c2c9223f54ab29aff1c940c5f

SHA512
b31fabf4b744d76d011e04d9be4cb6830bba0943e8c2788c2e64044e832a777cb1d35affa8a20c0889d8a7c69686e61e0ebeacae5a0c31e2b01152cdf4a30e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c52e955705a6bf816b9388d3bce08936

SHA1
e195ca7edb6d4313cae8e57af415822f52cf9e4a

SHA256
288e3ec37f9313f3e1752f95efb36447c8565a01cbf329b9c6a62bad358b3f87

SHA512
a55dc58ef799cdb623f6d527382a05dba85e5f8717cf258b2fbc9b899ec1ebc18f918702c85cde276c60b383a569ceff4cb0825effa229bdfd8c958c2eb52688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3dad931a42aa05e1aa18a78651169374

SHA1
4b0448bc62c441d67de652369486335f60d752b5

SHA256
acc81a08078c7346f8e90d18c6d7b6ab4fe4fed7a45d8a7f8703060ca0b3cff8

SHA512
a07095c8cdcf3f5382e3d930f518db56979000bd1b3a911a9d61e6a19f58a086253ac0e5b7c4f52833dd774bfc45e5b30970529ba1e0acea2b64673b81da58ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
50979f9b8600451ad5cda864682587b9

SHA1
f2814215b608b90cf282199c4e892a9d25da46db

SHA256
374603c781674c90cb93570c05fe2bd273a12c9da4dd87fcb88e3c1ab1edbbfd

SHA512
a7c25eb8d074e971df7aa1eb1b3b399565a7b09459f357e563ff50eb8521f2bff19a21c4a7f93d772a5807847162cc7497678ab8f730cf5b68fe8428f46ad98d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
b20c4c1889f75ba577dfcd3cfce25696

SHA1
95d16cbec60f97cc8b04d107a9ac8623002437e0

SHA256
0b1298b29d47056c45b14e664e44bce94d64ca15d8a7acc12898883aa8a134c4

SHA512
3bb2c093087b1e5557f5fbbddb769f66afe4c8fdd5eddbe7914b9f804083e0188b6bf64858d09b74029a1a3393a2bff75bd7edc6217fcdaa9e5f138f502fff8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f79a.TMP

Filesize
82KB

MD5
f9ec498a77b1f22f827055216f9c8145

SHA1
10893674c22c5766fa5c888ffdc182b9ad751d9c

SHA256
436800e9031af25e43f43332120e0a2ffdca758d44f9dcd9406b55ffad33b732

SHA512
b64ad22b4d6e76d3c00109c252c7441d1ac4f213476a0b3dfdce0b190719adabb37a82a7ebade27ddbfbcc9915c8d33a6b06884cc7b98a52fe0cf838992f0715

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2w0ocr0s.yvf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/936-30-0x00007FFF1DEB0000-0x00007FFF1E972000-memory.dmp

Filesize
10.8MB

Download
memory/936-2-0x00000238E1A00000-0x00000238E1AB2000-memory.dmp

Filesize
712KB

Download
memory/936-23-0x00000238FC3A0000-0x00000238FC416000-memory.dmp

Filesize
472KB

Download
memory/936-47-0x00000238FDF50000-0x00000238FDF76000-memory.dmp

Filesize
152KB

Download
memory/936-46-0x00000238FCB30000-0x00000238FCB3A000-memory.dmp

Filesize
40KB

Download
memory/936-0-0x00007FFF1DEB3000-0x00007FFF1DEB5000-memory.dmp

Filesize
8KB

Download
memory/936-45-0x00000238FCBE0000-0x00000238FCBFC000-memory.dmp

Filesize
112KB

Download
memory/936-27-0x00000238FDE80000-0x00000238FDE9E000-memory.dmp

Filesize
120KB

Download
memory/936-1-0x00000238E13A0000-0x00000238E15F8000-memory.dmp

Filesize
2.3MB

Download
memory/936-63-0x00000238FDF20000-0x00000238FDF32000-memory.dmp

Filesize
72KB

Download
memory/936-29-0x00007FFF1DEB0000-0x00007FFF1E972000-memory.dmp

Filesize
10.8MB

Download
memory/936-28-0x00007FFF1DEB0000-0x00007FFF1E972000-memory.dmp

Filesize
10.8MB

Download
memory/936-25-0x00000238FBDD0000-0x00000238FBDF2000-memory.dmp

Filesize
136KB

Download
memory/936-24-0x00007FFF1DEB0000-0x00007FFF1E972000-memory.dmp

Filesize
10.8MB

Download