16022f35e78d0af80617b7c51f48b76d5e63c5cff320cc8ade565a3aad3e454c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30-11-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

triage opening.txt
Size

21B
MD5

dd4b44f021d5fc3e556ff2bdae1f55ad
SHA1

10b1dd0136031e9bfb6d90e10b0c76127542b7f5
SHA256

16022f35e78d0af80617b7c51f48b76d5e63c5cff320cc8ade565a3aad3e454c
SHA512

89c2d1e5057a32dbc70d216b57bab345ef43dba5d7cd198e66644ec8d8492ab63c9f59031a07ad9f634b87d0ba82b954cd8efbe4af0adb254e52e418cd2c3707

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774020335234393"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-584106483-899802418-1877852863-1000\{A6986B4E-D953-45F8-82CC-EF6B3A2116E4}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 5240	4164	chrome.exe	88
PID 4164 wrote to memory of 5240	4164	chrome.exe	88
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 1108	4164	chrome.exe	89
PID 4164 wrote to memory of 3316	4164	chrome.exe	90
PID 4164 wrote to memory of 3316	4164	chrome.exe	90
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91
PID 4164 wrote to memory of 4380	4164	chrome.exe	91

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\triage opening.txt"
1⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc162ecc40,0x7ffc162ecc4c,0x7ffc162ecc58
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4588,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4584,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5364,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4720,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3448,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3416,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4036,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3372,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=504,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5540,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=904,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5396,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5456,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4468,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1184 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5760,i,5078075129093284563,4748032065953431646,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x384
1⤵
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a3cd9e019e0b257d55cd3664f8a247fc

SHA1
9b2ef4961554cfc0baeba7ef68030b16eeb2efd0

SHA256
59f69ed460a102fde44fab6a4d154d6a54d1f003f317d0a3da0c332070fb6517

SHA512
6a8a39087a9925fbc59d3faaa65eece55063c9099443c141f3e60750d1977013cd027590abed029d9a1f3f1bd4d382da69f6ef4af5eea29c9dde006d416ffb87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dcbcff95910a5ff07503b6b142f6ac03

SHA1
127cad1e512c20d41a12cfb1a6dac232a6b7970e

SHA256
13e9dabfbf93e7233e7438e25726f0ec717dcdbb45c5a914443afa685ed946c9

SHA512
449271362fbb96e32349e0c5a26ced85e07c8bbef4d80d76bfd74b3fe58d08f39055c8bdc0aa9c3a0f8d3cda002c4b6df105d0c0b51e98dad8c2eec867fcaab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7b7f1dd50dfbc3229febefc715a94f06

SHA1
cff5617409c4813d2d5afac8515efe749e01094b

SHA256
a9c4c2fee2053f6d9bf30c7981019f410efbe803ac1413f8c2bad56f7ab4f7b1

SHA512
c59e546b4a443eefcb944ae2a05ee6b439012d1628a79f19b2b66d38ef16d9a7bb699b577fdd90e03701e5213dc05604c1020e327622c4a4e9e8b8215ceb4781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
fb03f4c41dcfc49dd2595d56491f4c5f

SHA1
ad42476f7d87ba683eb62d0b5bca0a2471e7781c

SHA256
b67fb300f727d2c91556b1bb7118b3051bf586fd22fec1a9851ff08232e31c52

SHA512
58412031eecd0da2b73785d571f080ade2fc933ed764f064dafb470656c629634af9efb981d1349a3e35825338cb582b4e4cb556cafce9ee210a831be933f90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
514f8ce110843938d8d3472bccddc048

SHA1
235b93922dc7ea26a0981402a04161ea541e7441

SHA256
bc94b0e59dc728cc39f5b4ad5816703ee9ad059069e9961ac333005f3e7b3c9d

SHA512
fa695acf8b8de895940e81e430ff88f628671022cf7cc7ba8c5d1f3aac15419f8570e31d81cba0a5e184754d1ac15941f52f54e57664d9b256bf764f392add75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0bdabb5ccabafea1c78329400674c181

SHA1
f9c7559c2f2e02b4fde3773f678d459e58673013

SHA256
0342e87b7d7f80775d9c5fd24812795785aaa4c1deac568d2acd3a685ca516b5

SHA512
fdb121de9911babc483ac598ffdf35542d827e5183b99fa2f37dada97b2ea607799a843c5227d5e1bf1f047e4da04d7a846bdafa1d5db864961df4ca3db58c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7a4de276e687ed00f0755dfc6fb9f9dc

SHA1
6a4fc63a92eade9c85fc45cbd0dfde0880555eb0

SHA256
ad0022b7669f9b6752fa72ff0178ac5f3928fb43031260db5335535548cc4ded

SHA512
ab31848369d2aae9706d98489b9803abf2d735471c824b6a8d5d873585b1dab6b6270969eb79a9bc2fe16cdfa3e9a143e77b800d6ec6e8ba14fd2d355b5a813c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
001ac3153d74f9bd4b9a46ccdd06bea3

SHA1
a62d9017cb797535783adba3b15974691176d799

SHA256
d1d47ca18a1feb3adc9e492d686d04fc759b3f274093d0245e626424aed22d85

SHA512
b0da2b6919959b7f585387952453c9622163bd60e2fd386aae686c7227ca116ec53a260adda87429b7a2483ae0937cc474116d14f61e32190420463e777e97fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ad66bcbfe64e9e2ae2c8ac4d35a11fa2

SHA1
faf4cc095395e9db736d576a6df742af4a692043

SHA256
ee272cb605ae608e00f059ad57f305e3a2ed70fb13b4d140bf57a96b9c55c42b

SHA512
afaed0b6e80b337ec0770296324e7377c127ff9425a3d58d79685939cb50982f17f5e41de4b053a65b2a422b27797c9cbf7b768a5371970049824c212a154e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
b84b9cc3d806661974b433b6f05ac3b2

SHA1
3fe119cc003a7f0f547f4b1f73a2d2827c976801

SHA256
f24937c83c36c9648f4c8b6c914504829a79e1063f6e32ddaa7d2f397c250593

SHA512
f9515ba287da34b26be9b2fbc7452677cf08987f85066741ce6ca43dc687acce3397d0731c5426bf0191506ba098f18e8100733610bf031efbcca9964c2b5e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
417c1ca2b6f513bf3ee00ea8d2fa5153

SHA1
a724d40f1814056886ee10ad997e142849eca74c

SHA256
028ed1bf18d31cce9b5373d26904fb38cc57c1b848361001c5a17e368b7db999

SHA512
82ac60bfd1aa048894fc34576977d8ce16132632cdad43ba9c81a6ca234d65ea2a30f4f1273aef7450de2252d26fcfd71c1128362a7705f82f0ddd17a370e75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ab3623c8105c560e00d16c8ade54ffb2

SHA1
0a740c77d8c262d81e6c63a6d970aace444dac6d

SHA256
60693e80d1098e28a5bb4251a1960a6bbf10b4980fd76b5643008390f4cdfa38

SHA512
9bc057cbf2eb38db67e3084331f1041fd4577fdbe24883ad6e00209bba8cdbd7b9736de2678f6c254011c5c7c3d2817cdc48497780a2242f2140503b17957167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a1b45ff18d4957c20ac0fbd0cb7475dc

SHA1
7ecf00ffabc619fc15136bdf60ebb54560ff2400

SHA256
4c5f04a2bf40d0f7ef94c413206d1053e532a71b7b1bc0b9bdbbf378132a194c

SHA512
bef46fc107a10afc2612163171ecad11d04f67a3576e5ade8dc4637e074af1d8fcbe92e646fe02a3a52a73a1070bc50aa9a344029f3b68c7b3d04bce4b515e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0044354f2603e97b908f31b68f5294dd

SHA1
649c607fdb4c5b7ca64da511a605907d4965e389

SHA256
71dacb1662ece9a8f9446144ce576ad2ab42d62156099b821ae543f0028adb90

SHA512
d47a553e105bf563e32fbbe78772f548305008b1c8d87eaf3aeda316f7cf6a2124f6167e7c459d65db4b651a462c0219f1da9495d7c3a7315f2a17175225b345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2a0652faebb711b613bf0a2b8d6a1d63

SHA1
c99e1fce0480dd8180a34931e9beda4ab3be0e18

SHA256
3340217d7cb81842caa1ca89b5351fb41865ff16056c77a71d24ec5ecb45f3ea

SHA512
151d07c3ce47d27b6cc9c66f8e774cad5291fee2aca8d16a0ba575e1639304cea2b94f659536335e52fc0c3ec72d156f79de6b5699fc938829e108db6885fe04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f12946efffaaf7ca933c2457bcc4948c

SHA1
3936b5d0220990887dd66c0494ca3a6288337f44

SHA256
fb6e4ac87298d33c8b178b9bc8d8cf0f8c2872684436be4ded5950994a330749

SHA512
e9fd066cf6aca3114765c55aa715993ecef38ab177b80f9c435a470a5a3080d0a43e51c7b93a060d1c18b72d23ff96a75bf6b0ec1c0882853aa6c3f2fdfa0328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c2187b0f958aa7843bbbc65ea0c50ab

SHA1
4e66eb385ebbbcc079f0cf72550c4dae57d2108d

SHA256
543d197c3a25787502da1f3e4cdd766bcfefc6132e8fba67d8f4419561d798a7

SHA512
cd16d8f10f02ff0e79c2e298bd13827e9369e1ce5caeb084a12b055f8d654047567da596b855620ce98ba03595e90e62ef109f505a79dd237cca5b0895c75629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09a29597a4b729f34312e69fa584e288

SHA1
682f2f091516bf44a07e1c88351298d70d1b26d8

SHA256
b93387fd613b4f231cb2e782d09f5e3a738d2495e8e61f794a88de1ec0203ee0

SHA512
2cbe183c8b2663934d516807c3f18bbddd126de984f8f5251f5943ac603b98ab7f96bcd2ba302bfb62cec1ee20d77af65d149a1209a9f586c4c4d932708193ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d39e6266372dd0fbae137e8f6598926

SHA1
01a908b9781adf18bb8cdc867867642bd251db35

SHA256
f67269746add2109ebf30b3435044909a032c995acb8320252fef456a5d0faec

SHA512
799a3a7ed15f72fdcd8fc88eaedf974fdfdd92a6130d1e431ed5a6bb225a35f28e6566bd9eff05846a880648eb425eb77baa903d2739989b6b5782a9bc2f6340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcab0c24ee35d4d8cee54f5916593732

SHA1
5d3bbee3c9c17329461d6cba98ee683857493a75

SHA256
61e8f7ec76c62713704e1a92fc43fe654db5c97f08f4dfa816fef4549c95477e

SHA512
5c1345b75543858bed699771fcb03057e6a29baa0bdd3233af28ab7d3fd714b31156ba7467abf399a653a99f4643aa6963326c14c4c7a28b380c7af71204d11f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6416facd02bf5fc2f5e5b015ba6639a

SHA1
608958a40535d32ffdee92beff97e0353f57b97d

SHA256
ae58e1bf118d3409c0ef8c09c31ddee68a5d2bd9797fd8904da2bda9556f955c

SHA512
1ab1d80de555ccb07f74976c27018f0bba368c836bdb3f935e0bcff443f85b2946324287ff8a05e99e8da17373f00b4811efce59f3a2bdb61c04fd4e7fc133b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d574e273cada1ae2dfd84a80ead362a

SHA1
699c3b384a0f7ebc384f2e982a2a105cba664a75

SHA256
44d30bfeb5ebcca324e50594ed4c87ca98756d018b5a0a020bd3d3798cf188b9

SHA512
ff3f92532aac4c4f73f90cd21dcf9f6bcd89c8af9b276b3a4cf7f059f68b716a33a7bb07db55035247306b352b559e7873fa1bd802c87db512cfb46c18d1915c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
750b5524c7fe2ce1209878140b3d610c

SHA1
a6ae835f0b0c789796257ef2f32827bbe8edff4d

SHA256
5fc98be5ff64982fd4befa19bc5d6ced0f386b777c20c01a4d453d5cbe6ab0c0

SHA512
afcc9cb3509feb1e743a5f8b23a6ed506d3641ccc7fe65b10917c2206c2dc993eff740e806f4b3cc9ba42cbbafe9b15de1e40f7f6a3dcd070de0a3009335bce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb39ff3df20f7a38b1008017c1af0eea

SHA1
1442cefda055de2236a8523c322c33c141a28096

SHA256
1dea8d45f52306c5d0116a1c2966ad30120f3b488efa8a4fa49d4011e3811896

SHA512
31bb09cf6553dc5f65b73574fd68fe1d186dc77d391857bc220699d2409bfd003ad9d813e69154e496b4424189a450d604e67e52547c346c4a1eec7b60f29045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
087e2061be00fd674a81143b3b9bfadd

SHA1
bdd2204db25803aeb97fdc589046ee920c46df87

SHA256
36ec439532a407761b1eed688315e3130b25b16af4bb6967f4aa94a79ba6a5b1

SHA512
967c73fb12dd7fb6c568397b2cbb1c0364b5ee43bdbaa7456e5b7ff81f01a053eeff57204c313255fe8d4c0b649a44c53a5e6ef8882101c166bcc2bf2c762758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7825ce2421230f4b177ecae6d6abfe30

SHA1
e0312ba2439092ac877cd79f202a16a5573a2e2a

SHA256
b0d36537b65ae4bb690c92a6145b17bb0cb61cfb1c59bcb37ced8654dedefdd3

SHA512
a2dea6baba0bfcdf4457727dd5eef35f911278da6baf176bdee27d3ffba1cfde56dbfd5a1e79a1750795cc66209e570a09a7b6a6f24f51ea0a1e476f1d63418d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6049f9e99d296a48a2f36a9334c247a0

SHA1
5df3476ee0ce3f056802d409e64b1ac898edc828

SHA256
fe7aa5c8b0e953e12e38272735d7685b212aef85c8a91cd735c464e223339f5a

SHA512
5b15a6cde5beb0fdab31cc4aee14837a44fd3b3400bab17562ef2eba9dd2e7a3dbec4dd4dc268812a7b576f6eb0d50bff88c91ef660b3400bada9f1ba73a8779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c32d4137-d786-4071-946f-90444631ed45.tmp

Filesize
10KB

MD5
a60e9b688cf55f3c10d6d9df882b8dbd

SHA1
4a7651f817c14c860f00b9e603b050bd7dac8cca

SHA256
f02d61ac00ad8bf84636eb784c37e7729ac7915c0269363ea770ab23eeaced03

SHA512
b5c5d14c3b3368b2aa07cbd4292d4061a0f6a49b237ae7a9338451d683dca3286221c8da0defd5bc8def226f5ca2fa38a55834885e65b06daf37efd5a603009a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
dbe359747a6ce175ef2fa238616aeb88

SHA1
291fc164722326fddc5cc8c5ad30a7d71ff9f6e4

SHA256
58a958af3ca8c3f0c431dff04b5da6485fbfd2cf572c3cc8b35f5a80b8f8b7d0

SHA512
c856c4cea22a30fb317992e47f7447f70d0040f30cc745143b04aa891ae741cdb61ae4e92bcad4f69079e486b29ae103f040041c58c11f85906a5ca1095577a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
94d78d3148fadc3ef921954122b8bfbf

SHA1
d96843eb85cb865d182a45f481a37d0b5ea2e7f6

SHA256
f7f7a8f76c2a24318ca64773b9b25e1f0c2b472e5b538461f589960c59ef8935

SHA512
d1c7042eb58b69506636171929005063fdafa1b15a4d12dede36e9325ee7ebfffdb81a749434632a2faef6c31a8d12ed60e1d20a543af441fc2dd8c79fa1373d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
0acbf0c9cbb08f575714e647d0ae44b6

SHA1
4b2038c467bbf981cfb54d2c1137955970de0085

SHA256
ea32dd54a79b52798b8d4b3af6e531c5f1b0b80afe9ecc9ed0671b2a1f2b5d36

SHA512
043d567e50fd58b333bef8c15c2d28916a7dde1435362310deac319e4ad5ce67658db39d9db0ef4550b103ec703265ff6083b1d6f34bf02a0137272c50665344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
11be1b1f9b0f5ecdc9017c8178e58c83

SHA1
f557b87efc2b43aa2c832d3902db9e436b2c4665

SHA256
c0ac504ef1340aaf38a8f08aa7f2575146758c9bc31b859a16f26c5427e69227

SHA512
80e75b0690c7e58d51a57c37fbb328a979f6bdf57abf5c6b80ad5d49a7e6963a36b0cf1fd2159b429aafe156c6be4707c8136441bf6c2acbf1080c66d02f0447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
97b91bf67211ffd34ee0d697eebf53e8

SHA1
242f636b0a842502a6f1471a79b5903b7107472d

SHA256
eb9351efb052752995a0ae284110d6a43fc4b6a107c73a0c6f5c46e64a5660b9

SHA512
09be7025181351530f4312c6e37191d38b8315f6ff9a0f0414e2d4c97a7b360af02e0cf6db42e4fa4c447ab8e6a1cb4229ebf85d4557cbb75b756365893d4479

Download Submit