f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240319-en
resource tags

arch:x64arch:x86image:win11-20240319-enlocale:en-usos:windows11-21h2-x64system
submitted
08/04/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
Size

1.1MB
MD5

33d0d9913f3fc3556e6266e26d6436e1
SHA1

9c7e4b1ff2e5831d9955b33658c97e4b235c14e7
SHA256

f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89
SHA512

6921af8b43d92149f597c5bdbb80aa3f3930bbfe2ae6ea1abbed2c3b4961d3f349abbab40000182f849681f5b6906067fdf3f5581674dba6b761fffbca32a658
SSDEEP

24576:jqDEvCTbMWu7rQYlBQcBiT6rprG8aub2+b+HdiJUt:jTvC/MTQYxsWR7aub2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570433322787651"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
3880	chrome.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 3880	1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe	81
PID 1168 wrote to memory of 3880	1168	f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe	81
PID 3880 wrote to memory of 4748	3880	chrome.exe	84
PID 3880 wrote to memory of 4748	3880	chrome.exe	84
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2824	3880	chrome.exe	86
PID 3880 wrote to memory of 2980	3880	chrome.exe	87
PID 3880 wrote to memory of 2980	3880	chrome.exe	87
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88
PID 3880 wrote to memory of 968	3880	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe
"C:\Users\Admin\AppData\Local\Temp\f6444b174442866f58e046eee6b492e84494a2d3ad8510a3baf6bb02af609d89.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe4e469758,0x7ffe4e469768,0x7ffe4e469778
    3⤵
    PID:4748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:2
    3⤵
    PID:2824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:8
    3⤵
    PID:2980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:8
    3⤵
    PID:968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:1
    3⤵
    PID:1760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:1
    3⤵
    PID:1384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3840 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:1
    3⤵
    PID:1536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:8
    3⤵
    PID:3660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:8
    3⤵
    PID:3996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:8
    3⤵
    PID:4620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 --field-trial-handle=1824,i,7842350975333607250,4858557640955287462,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9f1a5819e2166180e72f49a0cb784005

SHA1
193828a02fc120ccea38c4308fcc143c4c78fc76

SHA256
75feadb0ff616cbf03cd53ff7d2a8a7475bd0e8a08972c1e452c9cd0d0707017

SHA512
e0ba072d68b80f95e26f917eb06bd196f5ea79978e91356842b91824fff5995d4c2a5dd6e43cb782f133ac0bec6721fe36274649c37367a89aa121be47ea5194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
00d33e3782f6373ae7fb3dddc095c9cc

SHA1
76c632bc6eaa7f46ca243d8470ea9af3ae61332c

SHA256
d1af9155c6cafcdb8f3d773006f84b74661d31629ac714d07dd51bc179a5e971

SHA512
c0ef3558afd4dd42a5dcc96f70e7a68624ab5b323b54bfbec1af2a79cb0ca555043dfab60a195e23e54c48bf8daf9eb9a85a3c1c0b9fad4963175a18e0feb133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d5b2a0f0bd3910e1c892ce1b46cbc505

SHA1
2d2c0b0e2f0f0432b8ce134d3f8cbb330c2f871d

SHA256
2d2c78372e7ad332c4e26ce57c076c5d88b88691824fa747a944f06bf9c7ca5c

SHA512
cacd0db52c46ff6b27969ee8668fde9974db8d98758690c73f652504a3082845694bbd5ec8bffc5acd733b2b6191e9413d11cb1775e6dfec0a871c6a11364199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
443306535e3cc2905042936b81d12020

SHA1
ae28c614d9bdee06f3951f550ea87e196cb69945

SHA256
759638965e55826ea3bfa8be123dd64ff7c1dce9005de6f79b197434a6ba2816

SHA512
2f0c41f4ea59190d3e090889f1158086cb5b0e3a3818a67208ec3af9a3d9ab6fb1d569c643328f6464aca3677c17e03e568810a6a72b272b51fee994f9b706f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6d0ce021b1d9d1080a850b6a10fc989b

SHA1
5fed68a4ed3c9127949e7db238f4028d3bdb2ba7

SHA256
0e1e3a1d6e931367c5eb9bbbb32a73563cf730f16232ccc0a255d04018815e02

SHA512
a84e7779742f820e0b3d6a228f4a7e8467a5a20d43ae5543c9f44e94e7ec1f95b3fc36824926b15f3a6132ebaac11fbebf074fa4ebf63db0f065808d0fa94313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5682657085f297d9a3f62bb1539d3965

SHA1
cdd0ddd302aac2898326aa650d7b5a7cf092c3d0

SHA256
4dcf35dc9590cbe63c5566a1a1399c6b0b1ed637a110faa436f62e69a81a5c27

SHA512
91e0b36511a83decc31ec23da11de551804a38903911e2ec108fa921477620558aa6f84bd67fb793e50878b1780b54f3aca7f785bb8c2fc44fd861ca60242465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
266KB

MD5
3145ecbb5e927622bb6d67d57461b220

SHA1
df2ba71e2b0aca95ec0d14d3e79f70b5e329877d

SHA256
beaa8aef8dd40dd303b7a06424abadc5b4e16bc19799f7646f648a84d89199e8

SHA512
1968c1bfbd2f8e5df356168225695b6e9bae6afa2482ceca6e297e35be3812d2c86749eeddb100535eff623db24daea0b25cbc8a39eb30b44596461286ba2d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit