a974f28684d62fb86112d66c02b36d0a3456ddfd7a0e3227f24e79a707bba79c

Resubmissions

10/06/2024, 13:26

240610-qpxbcsxbra 8

10/06/2024, 13:22

240610-qmq2kaxfll 8

10/06/2024, 13:16

240610-qh9m4swhle 8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PySilon-malware-main/compiler.py
Size

4KB
MD5

b08fe061cdd1c868f6468c57b74207ba
SHA1

d7cd5104baaef267920e8e5b2a2a3a37ce89e23e
SHA256

31c25920a4da1a98327590956dcfa98facc0d1e319a85b9692e36c58d43f64b6
SHA512

29ab4414f6e7a7e69b38ac23bf5b97b0a81b168ccf3fdd70f8d07f9a236783b7aa7437790d27d53ebdfb179d7dc4ffa0dc0f699a443c87e0228e71683570d2d3
SSDEEP

96:ODwmTAYUtPdz0I9dwsKgwC8n151QqlrAFUetud18ZCrGOF+L6v:O6YUtPUul+tQu0qe0p+L6v

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624991807149322"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
5040	chrome.exe
5040	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4480	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 2044	3920	chrome.exe	93
PID 3920 wrote to memory of 2044	3920	chrome.exe	93
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 1840	3920	chrome.exe	94
PID 3920 wrote to memory of 5076	3920	chrome.exe	95
PID 3920 wrote to memory of 5076	3920	chrome.exe	95
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96
PID 3920 wrote to memory of 4608	3920	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\compiler.py
1⤵
- Modifies registry class
PID:3172

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8246ab58,0x7ffb8246ab68,0x7ffb8246ab78
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4772 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4160 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4064 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4608 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4288 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4600 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4588 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4384 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4868 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1604 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4900 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4408 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4912 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3188 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4600 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3172 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1916 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 --field-trial-handle=1948,i,17477588760223396887,608342152833569162,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2592

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f9f61a623bca011f778bffc2ce12f3dd

SHA1
7d5bb480c52c2c8d62b65e6098b46cbb07579531

SHA256
d30e977730886cd5f4b1b8895f8af1c74d1aaf809df867994925b8d760967339

SHA512
f078c38ae6922b7394a2e5459decfb34e506afae42e071ca55e1b394c33d230a760d5db0f630c295d20831d8c7404a1389cb09c48d8e4c977c77cba8bab080b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
93a9b9c2f64df10f0bcc43e38141d1ab

SHA1
f1fd62e34170e13077bf5e37d49ba6a9903831e5

SHA256
6a5a04190a5952b5efe309a0b7fa83d8f9e42d720f0e975e0cadebd8293699fe

SHA512
19d4cc33f1c17fe4c833ade5154c94a1eeb93a9ad602bad58f980479328c033773c9ea66cf6da9fd5f89bcc2ee5b8fe13282455c04d7f380d097fbaeac80a839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f7dab6d6db1b2a6c36e1e87d5cb10faf

SHA1
4fd613f9610a530a3167df778b9c8ac12a4ee628

SHA256
555efa36e260aa5b8504ab9cc4d0791c995f95ba6849f133b7ba2c05914e746d

SHA512
d526d0b8cd398906fd916f2c1f876320518477ec093b6e5931c460b47b7cc86dca799198d97d7d8d73d36537f9061b5f68fc47f53cd9ecb4cae5bd4a6e7fe8b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
51300a15f9c9e0a43dbea1fbc0e955df

SHA1
45f549d3d889aa6d7c0b8026608e8fab4c85fc73

SHA256
8dacf0fb23ebbfa65f1208c1c38206b31db4380ffa92418165b8bfac376d9c71

SHA512
8cf5ffd74645476be964c26c6c707b1e3aec58e858cf48bb810e894b9cf7ae27d7edeb6e847f632696085084deba2362c49b54f2e6106a6c8c9445990c0b8b2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5675067c6ed9c5af261a4bbd4ad267c5

SHA1
19b6cd20c3657618053c7f60a83b18c25f4acc07

SHA256
16b9a82f83f1260504a25dc9bf9c793006b076ab27f8885cacfcb407d462085f

SHA512
cbb93a56106731c800a210054b2d3cdf334bbec4bcd555b00d8b1b8b656a9e7554a20d193ed4787a14f383b40b082825144aef9ee4d0a3d76b478e7f98cf913e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5f0210b826a8c912e2bf53bbcaeb9769

SHA1
e8b4e3e70d3ec8fc15eedea64986259e77dd4722

SHA256
984a00913ac3c431d96f9b5c62855139fba01d3c8b42630680e98b9fcb847f36

SHA512
eeef1923621599fe2510c88caf144b2026fcb51a140ea13eeddb5a2ebf31c9d6b96fbe669238bf01986d6178ec874910e520976e61f5c227c28630840c8eae00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
310KB

MD5
fa1112dcc66dbfbb541cb24aa0f326fc

SHA1
082c389d7374de0a0a20a565e7174fbae14b467e

SHA256
4bc61a52eebd853d3cf4e948f9d91f11389d0daad8a197fcd29bc4e556d7f9bf

SHA512
b981af03efc244b0c596734f965575dc8433d9979cfb83af8c8020c7db16dc602d5c102579bd82482d32c5eee00ba313253d617b125a73f67a0097fb1dc0389c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
592eb630ac506db27fb2ddfdf46bc4af

SHA1
cdc97f0f18156223577995f20caec5ff97c39c31

SHA256
3451cdacccc5b53d484ab1415592f2802c6af4c58c965cc52ffa4d614a7e84b0

SHA512
1597863643f616ec6d3b989da9a533306acf366ecf6fc6fd71fa7dfb7e662d42e73168ed05a8c13f673d59cdde79fde55298bea4ea8cbbe12acec1d4fba292e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
3d00c4d40503916f6e5371cf7ba0f9bd

SHA1
68c03c664119c0bb90a814471e84f702e13f714e

SHA256
42a4df2bd9954fd5bf2b283fa2b3beb3109ba4f31e3ff465a6ed09376134a3f5

SHA512
e963b6178458c889d779991dd8d597c413ffbd228a34229117aa72afaad1eb65c5801e54d9f5ad45c48a996d0e0741c7dac54b4b5e1fc2a4f08684f97f5e8d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58080a.TMP

Filesize
87KB

MD5
fa504b74c6bd23025fd4ee5fabc0abe1

SHA1
25ddd0674c8c4df55e5bba21217778342f29e43a

SHA256
8d679b19624b31ad07309f0a3e9713c93e7b1a9ff2ce5d4005b370e1f936c0ba

SHA512
393fed7d8145f6d2a8bd418eb642b10708dac81b89e714101d8ccc821e4eaf75b73762a789304b2de32d69336ff809e91162e591973a76acab68e3467f81d70c

Download Submit