hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/jmoiCQ0JysM7kL7FxXAMS?domain=us-west-2[.]protection[.]sophos[.]comhxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/jmoiCQ0JysM7kL7FxXAMS?domain=us-west-2[.]protection[.]sophos[.]com

Analysis

max time kernel
600s
max time network
585s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/jmoiCQ0JysM7kL7FxXAMS?domain=us-west-2.protection.sophos.comhttps://url.uk.m.mimecastprotect.com/s/jmoiCQ0JysM7kL7FxXAMS?domain=us-west-2.protection.sophos.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614455162219533"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
752	chrome.exe
752	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 3468	3936	chrome.exe	83
PID 3936 wrote to memory of 3468	3936	chrome.exe	83
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 216	3936	chrome.exe	84
PID 3936 wrote to memory of 4388	3936	chrome.exe	85
PID 3936 wrote to memory of 4388	3936	chrome.exe	85
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86
PID 3936 wrote to memory of 3192	3936	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/jmoiCQ0JysM7kL7FxXAMS?domain=us-west-2.protection.sophos.comhttps://url.uk.m.mimecastprotect.com/s/jmoiCQ0JysM7kL7FxXAMS?domain=us-west-2.protection.sophos.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb7b9ab58,0x7ffcb7b9ab68,0x7ffcb7b9ab78
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=972 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4580 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4704 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4280 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4308 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4832 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4536 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4504 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4356 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4708 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4976 --field-trial-handle=1768,i,6193466011770709132,14994340501572617295,131072 /prefetch:1
  2⤵
  PID:3452

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c3c44cb89ca6c4d9a7baa5e4b75c04e8

SHA1
4340c596e2afd7d3163f0749e836e2b69cd61dc9

SHA256
1540c610aa38b722ccd7273f5083faf356d820741878b9d7582f59bfb712702c

SHA512
4d16b1b57ef569086fff941520d312038de714dbf11931b62ffd3221c5204ca1ba9ba9e2504556f1bb728cde40dc85c8f3607a2c346d26485ae3f8ae20c70f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
91f090e87fd079e3cded59370a03316d

SHA1
0b5130b699ee3503f9509809b2a69629fc93aa74

SHA256
c9a220952be2739fb8998a09b55b55cb1fac6aa1e948df9485959b2dc6be5c03

SHA512
dfb7d81020687907099156d99719586f3766d04af9e27d510f6e065dd07d0e2ac9b605fd5c21b9239a3c5cfebd67b8731b67c19303b066adbba1e7b7b8dbddcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2644ff469d26ec2bdae84a1a873fd39c

SHA1
a1f51a98a8dc10fc332d6ead58b109031b6d9609

SHA256
c7ccf51e75516e5dfe0686082ea29f9502542f83bf16424e543e31ac6148f8fa

SHA512
ef66b6939eceabee65930d9f5775910b77fecaf8d9f29f6f65b8a0ff7182d0b94e42d59a26934734a5bfaded458bf6e62dd61cfd2944bd52d53312274e6e8f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ab3d4a6e922faa98044c53f2efa77748

SHA1
e54b2d08d9dbd7b0485147897f56dfc67bac90ff

SHA256
592e857152cc3c1d50ac639bae678bfc1f4998cd002eb76cefbe7cd6261291cb

SHA512
8202f724acd12194d09fe75fc65e2032cbff2dc4bb78c5bdf3eb5e82af370fbe17e87223bfb442be13c41ae2ac1cb32c440706bd88ec402b108deff6cd13f4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
32ee1e08ec93d7d6952c7b16ce552a3d

SHA1
c74f5d9504f29175fc620dd83295ea72e8696bda

SHA256
be00b66410ad531b6c34783c95256667f10d769ff6fe619a8ea554032e131ed8

SHA512
585e0a1778586f626a79eb6dec1a9e31a2e5590f360b5be2fa640126175fd1c354d1ceac792f85a444e5d23698d5c6bf0beaf3dff974e7539a76b96b5a4cea11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
90c63298fa2b4f508b55711609f064c9

SHA1
c746150bbd42554864ba001cc57d51fa37bea468

SHA256
920acdf80211a7fb711d16c73b1b60fd0988ff884f615e934c4f9f5c13be0485

SHA512
ab7f98d884c0bd6c118939c359e5cccfaa3afd7639c1322de7d0442f5a4a1d037311b490f7d7bd7aa0c1f5d879602248b3ed4859298804f41ca32a7dbbbfe235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
0d9d028469507d17ae3585330718fa7d

SHA1
b5b70d5ccbffd7a4c8d1261ae0a7ba1bc2bf6df6

SHA256
bff28340212217818e0f10dd0f399e6af0dae36640f7b9225b196048143bddd6

SHA512
36cf37b58294497ea479322f6a0a7a9ab5a77fe055713dc8c7501ac5ecc29f93ef74d86427b339eb0401a58515ad02493b202b934bdfd01a143356b6bb560d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
333b2a8df1c7c4e1cd0aa1c58d425a1b

SHA1
94856ca31484bb06373241f542561b5e8222238a

SHA256
76105d2b34ea6dd25c496b705821eceb7aa4b9e872136fa5b99ef8e0f3d55dd2

SHA512
38225a1d94f5d30bfff03f47f09009b632101e22043ef3752877779eb3474494638566aebf03d220beb529ac4599afbc88ffccf54a33b606b05d29acabe8b266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4271689aaf4d96cf9b28160fd7cf0614

SHA1
7438b95c71a6160ffa05e37af9b23f8824bf68e8

SHA256
060e16fa9266e158d59a21b4e5812cbd01b355f48de8f00f5f2a5eadcf12227a

SHA512
b4f8f1ea21a7716dba6d12051bb50c9821b5b040cf7cfea33ad37dc70a7a54c7a9b4d3602c483acb88d446600c780f008628193db48a4e0b5ca433f1ac703ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3420de908ec7dad648378eeaa68b5b83

SHA1
c3332c6f5d2643d2266a1ab0d8eed163c1e4a6ce

SHA256
150c79bb2309a5b679eca1e5816c42f2ba1d4490d077656c064038c64f0f77d3

SHA512
d40e316f6cac0bc2ebb073ca6379158fa5d1c7d4258c34d709855cee6a4a2b4a8ea90848d011ab8c35cf550a9bf9f26a51eb6b4fc70231ee139b9abfa37bcd88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c09f81b64f1a8d4b345de798b284ddad

SHA1
7321797dd188cec76f2797979ef6235b03a0866f

SHA256
c9a854c4a156709b334978b89c67a94f99f95d93d532ed78bd79e77d45c3edb1

SHA512
d1b1d2f5388f40b022e4e654b6e607fb6b11e2a2915e219d4b740239f9a8946feb46a7e139e27a222624f9ff7fa995614b0f7acc299c675d1b0565514e1d3c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
0e63ad7357ec3a0bbe294562410945aa

SHA1
40c2ed3017379876d82f55aadd35247e2b6f82a9

SHA256
8e993fee5d88f9265a6a5a5a3cc39d13088cfb738e09e81e02c15ba0616762fe

SHA512
2730ed469a2090177c8dec78f97b086101b0fae674b6accbbeea8b4d5df7902ced3bbc598b489d420bc0fb940dd9bb8ec17a29a1dee7c137dfe9e7818e7ad0d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
667030eba9d679128b42caa2ea6287bf

SHA1
1e75a2d0138863be15924249971154605d4f16b5

SHA256
50efc7a1ccac5ce744264a282abd253402dd28f90ac6d41ac1996097866daaed

SHA512
57742c0ebf9eda6a32bac4fee4d0bc97e22e677866dd01c2876fe0e2780b748ecc96df47ed06e045c757bff3999c91bc5ee42d8d768fb3cf868921cb74985e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
8ba41b1a8c243ba9d721b2efdb6c6acd

SHA1
3fa2cf5e047b11a4b60421294e68ca0b5b8fe7ad

SHA256
bb6ae5b84310d1997cbae42b2311f80f674ce622121df61571885c3b75392ab4

SHA512
a111e21aa717ee8ba0f329b1c9a3e7109f19d8d574ebcf8c3ff4a1240d396ee65863d1991211fc2c73f3922f9e49a0778ef41aeca1b42a9d324fb70ce7b0065e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5936d5.TMP

Filesize
88KB

MD5
ef7baaa8ad0c4bd908941a2bd4591dcc

SHA1
3d2a1fde218a0cebdc76279bd2faa3c03c060a5c

SHA256
aab78338dc8c0805acb875ce3dcc0bebac7c8608988d99e8f4781a5bb6ab1752

SHA512
39974956e2864079b8a5128c73fb4536030b19756962e39d9e18b62d4b0ccc27b51ccca9714d4bbb2051edb326a308afd45b70e46b960738f18afaad82cc0b9a

Download Submit