8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
Size

1.1MB
MD5

c6f212925b8af53ae1baa4a20de4bc03
SHA1

3b2e35405a117c7d37f0b1fd12ccfed942522120
SHA256

8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2
SHA512

34818baf1346dfb1120537194eb5b5fd1979e784d2b6005fb8fd4b9d47457a138f4773d11b3d06bcc28768bd4806682bf949a7766d769ea7fe8c7cc4dee4dd86
SSDEEP

24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8aSz2+b+HdiJUd:JTvC/MTQYxsWR7aSz2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571838195148986"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
2660	chrome.exe
2660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4044	chrome.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 4044	4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe	88
PID 4528 wrote to memory of 4044	4528	8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe	88
PID 4044 wrote to memory of 2832	4044	chrome.exe	90
PID 4044 wrote to memory of 2832	4044	chrome.exe	90
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 3936	4044	chrome.exe	92
PID 4044 wrote to memory of 4148	4044	chrome.exe	93
PID 4044 wrote to memory of 4148	4044	chrome.exe	93
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94
PID 4044 wrote to memory of 4696	4044	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe
"C:\Users\Admin\AppData\Local\Temp\8fcd46722630d3bc9804d33603ed25c55d2839ee3b6649636f1ed733ff1f61c2.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6bd79758,0x7ffa6bd79768,0x7ffa6bd79778
    3⤵
    PID:2832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:2
    3⤵
    PID:3936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:8
    3⤵
    PID:4148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:8
    3⤵
    PID:4696
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:1
    3⤵
    PID:3588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:1
    3⤵
    PID:1956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:8
    3⤵
    PID:5028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:8
    3⤵
    PID:848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:8
    3⤵
    PID:4804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 --field-trial-handle=1908,i,4749343915439128000,12135444644402970370,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ae357b62fa8e1a4d2ca63db5e42f29f1

SHA1
8ec3edf4fdfe7859743b3a7b19967b3592335309

SHA256
f6d6b6f4a8d4e746e4acdae453b405ee7113aac23bd33c9df4700bdaf0f91b66

SHA512
6736ecdb10dc36c11aeaec23cef47359fb4d76589982024f60d4d378dbe1c03c05b6eb1710b8a1f56c99b7b932ea367e0ad4fbac3d3919af308cf7db745fb9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
810f4dd192e7351f53a63e500776a2c8

SHA1
47a07e4409a3694091e018162df2d61db62bdd28

SHA256
8cb0ddd571ac0692f97ce4527c26d80f87a49332e3c1f4c67fc86156882fee56

SHA512
35ec18b2cf7aa48fb1d1885a6a23e025f1a3cf13fd985ccccf71be192a7c6595ff670372158b590fda1e911c096ff60534806d536efadd53a35de3348a220354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
94a169a0f9e9026d1b98b87906f6b423

SHA1
9d2892f95df9ace47eed69ca504e71e9a7d026e0

SHA256
9e2415493187187b67d6b82e6ec89bb603e99bdbc72a4ef2453798b328ba14b1

SHA512
f29700f244ff294bf8414a668634efedeff7167ec0bd00582edc1f40734f188e350725542bb3bdbbd5319b2644c3a8911e61567171d783c7dec1c34130f5879c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
eebaf377d451f933246c84984d30b0d0

SHA1
63812f70aaa9751bece44fbd46e6d1ca118a3a0a

SHA256
c611821c3df74e3063e04edd0dd068587892ce9776d9698b8118ae3e3d39dfd0

SHA512
31646c0f43f61e24dfa026b3006f98aebd6188edeb4476485d1efbf5b7bef240b97a275aeb6bf4e487cb5e79fc74033d4513163a556e6f18117fd29a79efe0e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
20effa221742a419c389649cb9f9de5e

SHA1
c8322393bf31a6dc0759dff5acbdf036716b9738

SHA256
32cc2d2420a331f8b02da344c26e0eea2a609d4a6c9428ba7294c762f2142772

SHA512
000a5583098cc1bce7c58b14a1dd495e7cb1e5f378cdc74861b0656d61bc52f47726dd78cb8ddbaf1395c348ef3472557ab8a33e353beb40c48771559618e488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3946193a293c3a4089af84aaef583101

SHA1
dd2a9a6f9e4d7176afe3a521be7e1d8eda36da09

SHA256
6ea3aea3a35e55bd26b547e47dac7513c8a8ae0c589e06611c4ddadd39b8a327

SHA512
f919e1600c6dceee3b55af0cca7ac1dc599afa6d26dc32d9fa284b5a44dae02eeb823d3d57ac84dce6671f4ed08c53c7f9905c41a04f3e43f78be4e1259fc757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e6b6fe2ef24aa965b92ba8eaa11f8d50

SHA1
50de3c16cfef6ad6342b4ed564b48cf34ea24728

SHA256
3ae808b9d8fd5ca0a317169de5175bb258d1cd1c3a76a69ec605aba3aa655d85

SHA512
bb5c616e1e351559a2d313a1e82cea8d4f9d3bddbbd585eaf7b62da99955b6eaa8cd0b34ec450814983cb7b0e1122d03ccc6b7231280931d240480a4fa878787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68b2bba63c47c07464908c72be40f0fb

SHA1
ab52191c9f09ebc22fd3292359922f4d37de2552

SHA256
82a52d6f2d049f8122b08efc2968148112e031291531217f3f20c4716b377d47

SHA512
97f260fc81bc5af7581911d0fde69a0d2d8963ba97596deba000ed437797bcce27f92189c9e9176359f10ca4bd7a24cfe470926fa562804a04eb60ed2394d142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5278772bd5db2bfbca51ef6c70b47107

SHA1
70d538c0a584af6c4854c2a1f5064959beb5b973

SHA256
90f9f2540202b014a421743de5f8647f3e43a4b9abb099508b35693bb15525a7

SHA512
f4add51491d89322d61278504209bf7a16b9df83e7110f63a42862df269d25cd7b42bf79bed3fd1489056eec010637a0bd3eda4c3e80817bd7a0d226d0f3f19e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
46a7444ed9f6e3a9d517a79d51ce75a4

SHA1
d34bd9d6377a38805770acfd53ba0ae4e9875410

SHA256
d343fffe24bff970172ed2bc97b3b824653638a3b79987d933ebec95cd25c14d

SHA512
eab2d0d59b6f664e80c795b8711d2b7b4584093ff119f701c3dc40d9604cd9e5a1bfea716e25af0b21ca3de9fd0af25c1167baff3197ec7fae7dea621f34c702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit