hxxps://url[.]uk[.]m[.]mimecastprotect[.]com/s/7MXKCWWn9fz1P4f6gDW6?domain=heerema[.]com

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.uk.m.mimecastprotect.com/s/7MXKCWWn9fz1P4f6gDW6?domain=heerema.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627357389295517"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
116	chrome.exe
116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe
Token: SeShutdownPrivilege	1160	chrome.exe
Token: SeCreatePagefilePrivilege	1160	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe
1160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1564	1160	chrome.exe	82
PID 1160 wrote to memory of 1564	1160	chrome.exe	82
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 1252	1160	chrome.exe	84
PID 1160 wrote to memory of 4200	1160	chrome.exe	85
PID 1160 wrote to memory of 4200	1160	chrome.exe	85
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86
PID 1160 wrote to memory of 3364	1160	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.uk.m.mimecastprotect.com/s/7MXKCWWn9fz1P4f6gDW6?domain=heerema.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84eeab58,0x7ffa84eeab68,0x7ffa84eeab78
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:2
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4680 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3464 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4060 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3380 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4760 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4740 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4544 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4844 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3936 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3376 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4408 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1536 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4424 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1908 --field-trial-handle=1920,i,246676232194723278,15621065516867393852,131072 /prefetch:1
  2⤵
  PID:2384

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\598f731f-4956-448b-994b-505aec95ca5e.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
db8bd5e6a682bec1317450ae7d273b78

SHA1
c8fc19e2862ab7d1d9b38618fd51f85dbc2a8212

SHA256
35c0dd1a2107f35653fbbfd99b1034dc0fc6eed87e3de29935ec582e6bccb9b7

SHA512
867e234f92c0c2ef7541e4d366a2b35575bf52867a89055dd499c7a71fbb49493b0b6ba4146a73ab3f9041cedc52f9a6f7098628e6c91dacde84b7c89cec2754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9b340bd894a6be8b390543f0d5157709

SHA1
ad8e5b51c922ca251fb89a14571a24c095bbb96c

SHA256
12d5aec8829363204831b7879221c9033bd572fbfc43a15a564a4eb5f5e1b58b

SHA512
25566b10987b36831e84911bd3cc65cac6c38f22da24272589415aadc0180a0370943bac4d8e5a37960035c62f3471aecf1f1decbd0ed038fcb53b5ba89e8e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a9b89d3caeec7fb87ee0f3641544591

SHA1
af77c0db2e7b0ce990d3b2f3c99bb96e621ed975

SHA256
26c7030aff5466118990ea081f1159fb17563b701146bf600845355054b3af98

SHA512
ee18a5c7a2a847b8bd3aa0b22b580aa7f3f1ed81d168952cef6d59f94b05b7f5c6c3a256f936ee1c11024e8cfc9e5c2b0c7a2ee93bd42fc6b4703a0aff52c2a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a59ca6bfb5ecb053024701a76cd88c96

SHA1
b1df12e3b3ae5806d8bd1f975fded0cbc4d70291

SHA256
c5e4c46018c9e2f7c9d629ebd4d6895159af22a31aea27f7a2da4c07d1a20a85

SHA512
3938f820c143044251208cc8888e75718e46eceb03bec2bfb16709ee1042bee10ec2f024a5019eff97cdaf92486ef8bbe7d6884b6c9100aa96e90d9cb6eacbf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2959aa8ac2e39ecc4d7facd4621c7f70

SHA1
a429f751b59fad8baedbb1eb49858a2cb935384c

SHA256
e6bf4c04ef361a1dfc78b229336c25e9589852507904bb77fab8a1bf2bcda74b

SHA512
c91cec8ec4041003dd140901e42f4a4c7d3b13ded3cd4e2d9ba25ea71b5a4285cacfea663fd89be4718082d44a4471f48242189804081e50fae66535d235bfa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
f32ad58124c082c1362252b7135e6a34

SHA1
19b61320ff54522592c9d3a258b2b3885865a175

SHA256
3b842aae4e57ba5b784725cd0e701ccf01de03fa56dbcb869ed6b32200a645f0

SHA512
2444ee63b77e76f1aeb66f911d52796ff53590075ca6fafb3c2b049d89ec06c24daa494e81128a73591691787e19d0c970084926cf229358dfec0636bf38ca9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e510.TMP

Filesize
88KB

MD5
49e7961a73f826e366409021c2b2c817

SHA1
f41ec25d6867159550fc374b672b7174e0c1fca3

SHA256
eb67c6092a724213c61b0a0f7c080d7d769700deabee422ab075502801f2d9e3

SHA512
f0761c33ba7ad4b9932e63ac16eb95e8b9644ca4601f2e5da8628f173d832c673821679b4f3f01a814ce397ea157d78d427f63afef2211320dd09b870b22eece

Download Submit