Resubmissions
15-06-2024 00:12
240615-ahgpbssbnh 1
15-06-2024 00:10
240615-agjgjawbkn 4
15-06-2024 00:08
240615-afdvnawaqp 1
15-06-2024 00:04
240615-acz9gs1hqh 6
Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 00:04
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://Google.com
Resource: win10v2004-20240226-en
General
Target: http://Google.com
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628835420445583" | chrome.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
pid | process
4952 | chrome.exe
4952 | chrome.exe
4432 | chrome.exe
4432 | chrome.exe
Suspicious behavior: LoadsDriver (18 IoCs)
Processes:
pid: 4, 4, 4, 4, 4, 660, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes: chrome.exe
pid | process
4952 | chrome.exe
4952 | chrome.exe
4952 | chrome.exe
4952 | chrome.exe
4952 | chrome.exe
4952 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 4952 | chrome.exe
Token: SeCreatePagefilePrivilege | 4952 | chrome.exe
(the two rows above alternate through all 64 entries; every entry is PID 4952 chrome.exe)
Suspicious use of FindShellTrayWindow (26 IoCs)
Processes: chrome.exe
pid | process
4952 | chrome.exe
(the same row is repeated for all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: chrome.exe
pid | process
4952 | chrome.exe
(the same row is repeated for all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
description | pid | process | target process
PID 4952 wrote to memory of 1928 | 4952 | chrome.exe | chrome.exe
PID 4952 wrote to memory of 1156 | 4952 | chrome.exe | chrome.exe
PID 4952 wrote to memory of 4644 | 4952 | chrome.exe | chrome.exe
PID 4952 wrote to memory of 2076 | 4952 | chrome.exe | chrome.exe
(each row is repeated in the original listing, in the order shown: 1928 twice, then 1156, then 4644 twice, then 2076; 64 entries in total, all written by PID 4952 into chrome.exe child processes)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
  PID: 1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4548 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
  PID: 3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1344 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
  PID: 4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
  PID: 4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
  PID: 4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5796 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
  PID: 4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
  PID: 3608
- C:\Windows\system32\werfault.exe
  Command line: werfault.exe /h /shared Global\ff6de143930545c8b2194beb9ec2da6d /t 4048 /p 3848
  PID: 1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4952
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff83f079758,0x7ff83f079768,0x7ff83f079778
    PID: 1928
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:2
    PID: 1156
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 4644
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 2076
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:1
    PID: 2348
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:1
    PID: 2088
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4628 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:1
    PID: 1632
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 3932
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 516
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 732
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 2588
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4960 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:1
    PID: 888
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1748 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:1
    PID: 4164
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 4524
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5808 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 4696
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:8
    PID: 1452
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=880 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:1
    PID: 4712
  - C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4592 --field-trial-handle=1864,i,1376553379144882304,17012577723658405860,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 4432
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 3624
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2f8 0x490
  PID: 3300
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
  Filesize: 203KB
  MD5: 99916ce0720ed460e59d3fbd24d55be2
  SHA1: d6bb9106eb65e3b84bfe03d872c931fb27f5a3db
  SHA256: 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf
  SHA512: 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
  Filesize: 24KB
  MD5: 1fc15b901524b92722f9ff863f892a2b
  SHA1: cfd0a92d2c92614684524739630a35750c0103ec
  SHA256: da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
  SHA512: 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: bcd78a681ee48e33958b9d73b0f85177
  SHA1: aba3085b75c425bb04bebf700bda73930973c665
  SHA256: 8531eff6d8e7ad1f4c62453165ed36dd56ba79b2b0efbb2e74a25b0ad53f9b8e
  SHA512: 26c2026264d27d6a12a2550953cb47f7812c9846bb53d5b4e6d2f8a8066fe377fb3307bbd68037440a7dbccf0886bb0aae3bec91d8b4e9fb7ebfb787ec62ea7d
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 552B
  MD5: 0ff3c454fdef6a2c5cf7a1dbb2faf8bd
  SHA1: 0da5bee53dc5bdc1563211f9ff6be45792d8d795
  SHA256: a66ad44170bf27ea89531e3b6c957de15d1a5cf89f6b3ea8580b45cdb937521f
  SHA512: 127b8f0d60259021c7b597105cb9a73c6ece31b8dbf89e2cf9164a670a0119da60b1e904ed9dc51aacde0f18c5c01c090f211e4207e37c2eb570ba8969c71c06
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: cde2edf7a04aee7fda1f864adc106b0c
  SHA1: fd217e829f7ed2412f296c53705fdc28848e0fcd
  SHA256: bb773d704eb0d2b79476d3afdd9315455b374b17d4d288ab0cc64abadbac55fb
  SHA512: 9d03bd037886ced48506205f1c04b406e63377abddb14d682664c20d0507137ff2b11d6341cc1f6757a377bf56dce164261239198ae95ab1cf5761beab5424a0
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 6ddf2e8d73101e03f2772c7e18c95e70
  SHA1: 14ea6dcab1c6f9b2788a76ef2527839b82b9e0b5
  SHA256: f704f6f6f80e355d2ae870938548713dcce59659e95a6fc5f6ff39564dbad7d5
  SHA512: f90e301375ea81b5efffb49f4caa3bdd89b613cdc26c4d720e33858b63405af9069c1ffb5bcac1cdff494ce076de4045f8e3cddbd3fd3d17ca6d76ffbae8efb2
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: a98867a439e08f0e8a496897dd740a1e
  SHA1: 9cb9d6aee6b0030fbc6c6dab4159633554defd6b
  SHA256: e64143c7f8b32445281ca7261f5862e60d3445f80f59b1fd827bd32d6ba3f809
  SHA512: 21a4f1e99ab6a0562aa7684c0141c2e1972d6b90a9df29236918b3e313787d9cb88853d39cd7bdee2020609b0eafe2b5fdac6b8bf9cf6528ce35ffe31a5388b8
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: e2ff759f916e7c0cf09ca7104c80bc60
  SHA1: 663c15e9debbfa8683b10f5ebf68b6dede9be753
  SHA256: ac97b465fa5e34126b03974201b51967b7fa95ebdd83b8b42e3a96e0dcf72256
  SHA512: c9df6bc6ceba70498a760a4c6be4e810a5b53c36255a540a8478c65e9072505073f2f9110ddeb0a204f1571dc454170222d4029984ac165559daa18015a75474
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 369B
  MD5: d05fe95020fbf5a855a504e0ca17274e
  SHA1: ba1f5274e44729dea74af7ab8c89126a713fd972
  SHA256: 9256044a339f27f3a5eb65cc5d26b98f4ef7f6e4ecc129df14c5162caf05c90d
  SHA512: acab2cffe7a35b3fe26574657af8f8776ce0a0d409ad64c7c19cb5251952e85f9cef094f18905c460430952a38b899073055c0d37cd3245e7e76e5c52f07aa5b
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: b3d927f387bf1ce5f162502cd7138a6c
  SHA1: b063b0aa9f86ec50f408394f281e2d6cdb1c20f7
  SHA256: 8534dedf697f0e56cd949023947744064a8fef08def332cf45d0b5e9ca47995d
  SHA512: 483a310921df94604abe0e0d14229975afe394b928d9467fcc41255d875a9d718f48df0c870efbca4415d2a48a6d19230b963567d6356c6e0d51c904d4222ce5
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: f47a6843046f7c64766fbd79f054acc0
  SHA1: 4cd68c2243252eb27ff589a3a53dd38d6223b3fb
  SHA256: 616d2cbfcb1a1b6cd6bdfde67beca167c30bc4b53e31888afc65e0db22bba4ec
  SHA512: 89b6adf570f1256a62fd2802dc9541635cb937a0496e846e1514a17aadc4c66bd55f7b8658a62bbba63752a53c3b014fc78123f1ce6d5c11604b03d37cc2e89a
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: b8249bee5ee7d158628473f7e4bed5c2
  SHA1: ba546f2190540c2df5149bf26fc24498b7f4df1b
  SHA256: 84c7ad20febab5ce53be6d212b7f50d26927cb69bcaa69152df59999291a8ae9
  SHA512: 740849ec2ae67db5723371faa05b0f4150a120029a42283b5fe9fe953e3fe69cae802a4b14b03d03245c6cffc13620aa6377408557db04c396fc252ff3cb437d
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 3e356c2cdfb51502ad31119a449545c3
  SHA1: e6617482c4ab953a8107acc8d7c3a57c5a08497c
  SHA256: 197dcc48309dcebcce05bd4aa73cba1fadd7c8e94c25bbe040dfc99326b3d700
  SHA512: 7b5422f0246db333531e88c3378b68040b818f60d7cc1ac8af290160ec13f3050345d6b343992395f7cae04732822c9f695c6f21878323a164e333c20dcb8bc3
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: d9697866629aa3891819f55c7e45d410
  SHA1: f3a257494c2521c5ddbb304939e2224a626311fe
  SHA256: 5824908ffa450b234f51f30dd81e26db06d09421a86f7f05279c96efda064b62
  SHA512: da495038090f65190855e6aa3cbf0574fdfef1865990f6b081ea8eec790c971e70bf6ea4331d29293b88824b1a2372b49986579115b6ac48ca23d915440afd92
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 8881a07abcca41ed190064f6e99da13b
  SHA1: 2cad996cfca5905b90cf15eca66e9e6c7d4a6e88
  SHA256: 7d1f80893d544def8b612f4cc6cff761cb83602802ccaa58a591a0fb67a62912
  SHA512: c2aa79f6df3a191dd0c58e8683ea1e7fc2d7510160132c129713d3f786be4c1aaeb09da26ce4a494438f24f6789399c32f79286fdea3a5da29558e03dda05663
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 276KB
  MD5: 1301cc820f9ed090f2a4713b37ef2918
  SHA1: 11d90834cde52954c06a29951250dd10d7891b62
  SHA256: 7ba2cab96f1827d1efd5b55be1827c9518a4575e4d142dacb01171575a2ca1a3
  SHA512: 320aebb35e9f6e2a4fcb3d44a318f8969e53e6fa34d23a9ed382194e15a15dbdd1318d3849274df16fe85757d8e5cca5022b9309f4495faf931be4ba79320c46
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 104KB
  MD5: 516439ace5298689f9224fcf2ac885e7
  SHA1: 65501c43e028519b3c5da8bb864c9b1267ebb205
  SHA256: 4d6caf1cf3edf85ffe37dffc11922564acea92941a7bb111a62ba8dbc250d6d6
  SHA512: 0a9fa60b408665c86aa460195b66db03ba44de4aef35ad51ff785602872a8c376cfa96b3289a6a88fd3d1dbc5bf47464db5f8077cac605bc5f357e5998d4f102
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59719c.TMP
  Filesize: 98KB
  MD5: 4d10a1a44b700240b7a1d50e57391498
  SHA1: b56efba91546b5d1c7a27b4ed88f76a4a3ce16dc
  SHA256: f5a11d8513e3cb4647aa4f544fb5d43a9208f9dc1bf59e5fda322d109a6af286
  SHA512: e8e6850c8db455303674462c7371f926f85726e810332c5b40b0bffd32967558156d1e37a643c63ce771a2ec01188e2f2e55cef8a48efe8bbcfdc6f7b4d9bd0f
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- \??\pipe\crashpad_4952_FEFRTEPWTFMIAOLK
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e