865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1

Virtualization/Sandbox Evasion

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

Virtualization/Sandbox Evasion

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Wine	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe

AutoIT Executable 12 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/4728-2-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-4-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-5-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-6-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-7-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-8-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-9-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-10-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-11-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-14-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-15-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe
behavioral1/memory/4728-17-0x0000000000A30000-0x0000000000F9C000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640549494433628"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
3440	chrome.exe
3440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 3440	4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe	93
PID 4728 wrote to memory of 3440	4728	865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe	93
PID 3440 wrote to memory of 4944	3440	chrome.exe	95
PID 3440 wrote to memory of 4944	3440	chrome.exe	95
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 3768	3440	chrome.exe	96
PID 3440 wrote to memory of 1136	3440	chrome.exe	97
PID 3440 wrote to memory of 1136	3440	chrome.exe	97
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98
PID 3440 wrote to memory of 4764	3440	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe
"C:\Users\Admin\AppData\Local\Temp\865193b053c15163f5cd41f108a60ce240fe217d792f6e6b8077c3222aeb4cf1.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd40079758,0x7ffd40079768,0x7ffd40079778
    3⤵
    PID:4944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:2
    3⤵
    PID:3768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:8
    3⤵
    PID:1136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:8
    3⤵
    PID:4764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:1
    3⤵
    PID:2868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:1
    3⤵
    PID:1980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:1
    3⤵
    PID:984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:8
    3⤵
    PID:1776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,4188198787915843582,15522133438213823659,131072 /prefetch:8
    3⤵
    PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:3476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion