hxxps://eaglercraft[.]com

Analysis

max time kernel
2279s
max time network
2262s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
03-07-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eaglercraft.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644591542131886"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
3368	chrome.exe
3368	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious behavior: LoadsDriver 18 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
684	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: 33	2528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2528	AUDIODG.EXE
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe
Token: SeShutdownPrivilege	1804	chrome.exe
Token: SeCreatePagefilePrivilege	1804	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2304	1804	chrome.exe	75
PID 1804 wrote to memory of 2304	1804	chrome.exe	75
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 4948	1804	chrome.exe	76
PID 1804 wrote to memory of 3948	1804	chrome.exe	77
PID 1804 wrote to memory of 3948	1804	chrome.exe	77
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78
PID 1804 wrote to memory of 4520	1804	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://eaglercraft.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd97f8ab58,0x7ffd97f8ab68,0x7ffd97f8ab78
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1608 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3996 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3980 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4432 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4392 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4616 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4972 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5416 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5796 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5828 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5848 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4376 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3936 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2924 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6136 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1816,i,14783259955591788667,13912637790742008953,131072 /prefetch:8
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2628

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004B4
1⤵
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\602e6ead-d87b-4ee6-8739-4f5ebb2a5e2b.tmp

Filesize
8KB

MD5
59e955ecee189041f88a5f437ebc4856

SHA1
371ea6a5292e29190aecbe0ac43a1b7e68ba0695

SHA256
bbe7c60e6d0d43cf4131d03d40bbe32429e2a0b5170bfef9366f204052ee0858

SHA512
c1c77e1af5bfd9a30a5e38cdcd1d1e3a035e97f0bec8a3fe9e48f2022498718a0118bee4e6a0c53118fc347d8152918a9f101c10ef38fbfcb06250006cc9e0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
19KB

MD5
9db75af2ae54430b2c88c452b4d66505

SHA1
805a267ffe69bc89075066761742682e32461a47

SHA256
921262b9d71dc673eed53926026576bdfd85b2f3192e12ec3931de84d48a8b33

SHA512
bacaa8f5afdca197f3642bb4f673321a6448c5e6c10cd10624cd214b3c0a0e8976d542efa2c9724360cfa7116f129b4f6a456dc3ed718cb8d75632ab55c89a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
28KB

MD5
7f5a5d45ee4ea0bd1ccf5178c63f43c0

SHA1
71cafbec33de805f8c65c04ab40a7fc072420df1

SHA256
e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a

SHA512
11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a3f06ef44bae4e02a3fecd87510de790

SHA1
ea7b58728fd38aef4887af0bc7a14413d1499e9e

SHA256
07d4ec029618d336df214bdaef06b096d055aab527edd6049a2c13e7fb49b08f

SHA512
c2aa60eb4e3ff0752a99e3bccf2aa8dda53f48a96c236f2dcae69ff972f612ec8f3b165ce3b701fb7f02986aecd03743961a374aa8b1728426539a4811fe439a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
274c94f950e078711e8ab669fe3b0b23

SHA1
d62cca19ba64fc80f199152a465054ffb8eea3a0

SHA256
47d8ab663aa27d52c059d5ab68f413a3a89d75275268a7f1fe0bac535befbbec

SHA512
0ba48e7eba5f911f619a0a185f0ce7dfb9de41b10bfca0ff9d860ff69321585da982ac1d10595e4a1a1587e143fdb022657f2f21cc963bcc0791b08624f3db3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5036c5203e4956150eaadc7706b5d149

SHA1
08f66f9f8deb4593f8034f2aad6ba246d44f87e4

SHA256
a459cd9dc1b3eadf79f18af37f0288bbcc462153674aaa03d99c4c08c4a1553a

SHA512
6b4a8f20c6b24ee4e7c015a60149650db7c56297f7d8edf3d5bfcec955a87fbc49a0daabbdb1ad4b99aa868a773501d08ec51b6d732f84a6782a3afddeb9a8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1b4bbc8e-5ae9-417b-9c75-cd671a156aca.tmp

Filesize
8KB

MD5
13ecb5864007abe4bcdef0eb49b5d0b7

SHA1
5491c53f90bddb9c6fc0a86bcd317d1725c7cbcd

SHA256
f212300ded1912e23c9eea725877128eb4951c778f11981a101725b5514590e8

SHA512
a50dc89a09c8f02e02c3768779828ca85961900a1b1419f8f3a19665405b69ce9c45cd25e7b130a5721ae6ec478be6d2393c24968dfcb2a183a9f318f64d1cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a8e7ee13776f10db0b433bb42185cd60

SHA1
4045a3ff384d9b81703762b5aedf8092065d2f10

SHA256
33097bf81c55c70b4697fbd99057a5f6e8361c6ead4895a1624bd38de571bb2a

SHA512
2864708504b849a9c39d9da78c476f6b34b38f233f0d1fb022d5155d32ef73c05e0b2b96d64b6be0a9baa22e0915793485152bed2a30f22350101be24a298e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
469b22fa1f1fe42ae87a748133f77329

SHA1
fe08ca6ad653af8d21789e99ccaa9d164f3ff4ac

SHA256
8a838f14dbbc3c0b41b4996ad4ab8cf0654e5135feef4f819912d70e5438347f

SHA512
6dc4582c7ec809cda076dfb14c0f1ee549aeb2a328065cee8cc42c6ff10f7e0a9df572d158bdc181a76bc65638ba811eb4aa72c351b33c94695aeb103acbff14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d15c33e5c6ba2e488314cac81d14d655

SHA1
183bb7f0b7c4d0b1a8e2d2d24db4eae8f5c18a30

SHA256
2044a07c073dad35f427772bc16038d9bab67ba908f9de5baf798f61c69925e6

SHA512
6f62603ab41ba2dbb233268cf677595090145ecb6d9d40b2455307e826a429691a7a8629729342b025811221250a95f3dd9b352dd0cd5e06f58195f01b30125e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfd8c06242f63b593c9fad32fa763278

SHA1
edd23024d283ac1773664ad851800a0e0430d2e9

SHA256
ff1c1c734ba95cdfe62b31460694ebf3fe77dc1f364c744935324170d75878cf

SHA512
7e3620fe4c19af080a5ac5524aed2951e60c19de4a1c57b7a6d54912ca7534ae7a5f216a91b00e59f2ce5fdf1fbc1c1118adfff050805c8fe93f74ebf6e9609c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e5af129b1326f0c4183ae25e4c61261

SHA1
1372e47048d8a3096f87a881605f96e79b1fb75e

SHA256
42683b728eeba1d8a54d3a3a35293df66c2421e19ea1dc7fbeffee3bad0bcaf5

SHA512
ffa719c8c8337848caedbc4922d0c20b3a8576ebfb60cd44488e2596633f5dae08c9c8ba8bf4523c7720238e77d566f1072ef30badb2e9f470a8f6989172ff27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed5d269c3e21b42ac3f6a94612d8603c

SHA1
ced07b626c0163855980376a27eb3e321692fa9d

SHA256
c7bcb907d341abada49783529841640cf58b947a2a1f226f92fb4715fdfcbd21

SHA512
8cb2d1f64a7be0a190391d7ac286f35c820f545f8523bde67b94d1a191c105cace640986451c5d17a640f21f0ddb26eaeff33796ba2e2d541bb56d1053849bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
97ddd0f97c776fefb7110cc1dd144d60

SHA1
afa7d60cce8de8f1e944973b7e47a54a8bbf550c

SHA256
1474ed529c43c321b3ab9e65289d0145ce43addb7589b702222c0dc9efba7f37

SHA512
29ddf4d7d138aa29eedb630575a5e1d0bb659176ef2756120ed5b7017fc372d9495d45ba579cc3edd06eeddfa4546555893e83b8bbdcadee0c89e67cbf35eb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
55e9d959661e0ffa5faf7562c555e0aa

SHA1
b765b6cb3c7af86aa97fe822ec9169faf8981756

SHA256
063784de575131f448ad07ffbfb340a9331d5ca88f9c89eabf4dfead6850c260

SHA512
69815e5c213c6c3679d93c33b40963288d02b4e3a8388d741a4e8d7051559bf0a4dd837b1d732ae1f21fbf35a3f01788678d86884e8e954c8f2ff59a6239ffe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6430fc166c6ef05da7d2bc3960962131

SHA1
9fc2d1f97677f61ff0578939b9726b7dae866467

SHA256
8c9b57e8455e03d6cb0a656e3770129b9af286c7f33e4fde42f634377ebfcce8

SHA512
fecac5eb26e38240080a63a2204eb5d37a5b677f0efddbdb6ee7b148f576b78532c20deb53fc1f6788397bd18fcaa591d5840964add88ed9d26010f3c5705518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a3e6d5c914b828ec2ee4fd8399389437

SHA1
0999aaefd4c84faa4ca4d4576c0c947c06309eeb

SHA256
68b516ff6ea104b10611027aa2ff4e2a3bfe2b6725bdd3f30222be9597f017a3

SHA512
7c56c02dc4ba517280c878059a979895376cd9e52613e11b380bf3153f6cc727ad1e39339811f3ba8d68b88144bd3dc42d55b49d1259c9c33325d287c5009c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4637a28411baa128da8e45b23f258f2

SHA1
485ca4abeb3c2a0879b4cda622e2affbeeba6c46

SHA256
13236d2c86a6ad865013b2448c12adbd7c810c5af68422ead944446c3de6dfa8

SHA512
97672845ca7a7744828db6ee110e41f68b7091965341d9013564455188e30825a35606d8ba7af059c10352a9a2bb46ba20e6285230589fa0f729a030925646bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
9aa07e469d8699472fb8d97ba2156001

SHA1
e0de158de38fb8d1b5f1fd92f19e55425b413ac2

SHA256
31ef68a8120d070772662ed59538b9043f0d898583ead3b9ca029ed2a7ddce44

SHA512
b0db2ddec519a4bb0d0f67281b3c8c019118d1735dc185dd1a20bcd1027e15f1fce48419df48873f4467f3c14dd362d2a415bfea0dba1b0119d346ae2346832d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
381071c927644fc540f4d63ec3f1a7ba

SHA1
a593c9b5d45bf1ab9824cddf1eb968815f0b11aa

SHA256
ac7a5b32420d225c68f955e04900014878cd9f24b374a4b796416a465487820d

SHA512
8b2bf1c1c1b1ffbe378b670f96b85e2e1f22e52c86d2d607c5ab2df1a91ea7379fc92cbd817d56c4a1d350402eaec706a2d1ee86c14ffa55baac83466d6216a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
49602df3977e63ebdbd4fe6c0d64e656

SHA1
32fc56cb4641004476bd3d8ef5fb9aac33b5538d

SHA256
763d652849fad8177a0b0c9729d8cbe81eacc61999b45bd52e7b1cc01ae90241

SHA512
fd8d24be2c500d2337956b6e1a856f2d4b99c27db6af5fc6a103d540be7a4dbcce8fb2136900b266b9981618d236201660935abafde574706e6dd24cac3c8d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
d030189049b1d2eaf6cef0b85622d0ed

SHA1
9ee854669437c09c2932a91a779b55aa6ab9b41a

SHA256
ca06df18ac3f10a3b6ce7503ea7d2658159b9695bd41d9dad733a331c46a6786

SHA512
7163e415c61c7da7326576c9bb7a1cf399fce09fc50de236120860839b9983b85cece2f244f2c15637bc64d7fa26501d0c3b3123a0aaf1a2737ee00592fc4dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
2fdeeb5c7666c20fcd59c22e69357433

SHA1
55881badc2c7077617efa0feb3a12ebdae9f0e80

SHA256
945413ac88a49ee72994988cff7a839fb660c7458c7ce1e16a74095cae5d0798

SHA512
6a5d58420312bae35909d00030cd2cc316a2d950b77e5a5d1d7942cf65352c23ed4319c30e34b1c8bb2872486675cb2493a7669d36ece47f0bee0e3ff28176f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
a72c7eb89c0919e178600774aa296332

SHA1
a9a0999b1501fab95cacfdf96c04605ddb034977

SHA256
1b9f8e72288aedc65be03d8a43c31a9d22d86ce727be1bca4cb0e4855fdcd7e3

SHA512
b99a4cb62c4bf9788e777a20561a980d69c1ad2a609e60d1de7442441bcbe03ff7fd7d44de898b9676cab85d2fb7a4c4f836bb8de127383eb4060ffa9f6cde9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
c1df83c9d9709faf3a20f1423ca72955

SHA1
7dbfdee50ba76fff86134e24c888d8491b8c0eb6

SHA256
db16f93f52f7fee278076befd03f3af52499696d60c45dece7673305ecda9f28

SHA512
4879e3b806d22a13950068d5c124d9a177d562eaad86b9a1bf42392c194ca4774d9ab0353cd12b79d770afc48a1dd9d75201e8b6888499901663c7466c219e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
d16fc085c04ce6ad458084ab6d3603fc

SHA1
f20539784cc62e49280d089c5690a245670b2aa1

SHA256
18ccc02797cb3d867b366cae2129af9f674214ad8f04399e8531b2ce79fc6e38

SHA512
5776e67b759ed856717a9a03702f56bf44dede6ea6ee5717d176554dc45280fec71363cf4f596ad408d6ce862a919e1024eac4e066f7567cee288737f8791e6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58369b.TMP

Filesize
83KB

MD5
e96fba849c7e174ef6c675a3939158e0

SHA1
6e9de723c40990fb9f900f078a8e7f049d0bd66c

SHA256
6c0da501938967d30472f739958a28961affb14090e825913f51b04b835316e4

SHA512
7ef97ae5351dbe70136c0b9e1f7ab6d669b55725004be5016dafe75aad0401ed303606429e4ac6d81eb6561f27f8986b3c23841b1ff48fc59ab045bd8a58721c

Download Submit