b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10-04-2024 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
Size

1.1MB
MD5

3fa20563982d8ce06d23b5b732e173e7
SHA1

ede0720dba200458ec18765bba7ffe993fc2a14b
SHA256

b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149
SHA512

bc2c626553bafbd893d79b672402c6aadf2abc4c5161c0b1b0b8bdc20fe307ec99357a0b5c9d741faf099a6e04ef31a51412b701a5fb4ed65651b01f91e788f6
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8aST2+b+HdiJUd:+TvC/MTQYxsWR7aST2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572126237229618"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
1860	chrome.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 1860	3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe	78
PID 3272 wrote to memory of 1860	3272	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe	78
PID 1860 wrote to memory of 1092	1860	chrome.exe	81
PID 1860 wrote to memory of 1092	1860	chrome.exe	81
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 4280	1860	chrome.exe	83
PID 1860 wrote to memory of 2112	1860	chrome.exe	84
PID 1860 wrote to memory of 2112	1860	chrome.exe	84
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85
PID 1860 wrote to memory of 4884	1860	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
"C:\Users\Admin\AppData\Local\Temp\b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce07f9758,0x7ffce07f9768,0x7ffce07f9778
    3⤵
    PID:1092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:2
    3⤵
    PID:4280
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:8
    3⤵
    PID:2112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:8
    3⤵
    PID:4884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:1
    3⤵
    PID:4764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:1
    3⤵
    PID:436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:8
    3⤵
    PID:4536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:8
    3⤵
    PID:1668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:8
    3⤵
    PID:712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 --field-trial-handle=1776,i,18206199430581620584,16488309446352169051,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4432

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
66588863cf0853f0f45793df53dd50ef

SHA1
9b0689d543df3ba92542f2c818c55c517bdfb2df

SHA256
0e48ef0f51ff8a298d531f469f64d171b049db40d8eaa0ade679f8afde9c003b

SHA512
2f95d5452282ad386d13c1be1bd2cdea29283c234cd508b1e31295df63f6f24cda42c503b2f5adeb001487db173c7c72bf3372926db121dcdf1ef04054418335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e524ddcd728763b72a4237e102207557

SHA1
a42439ac8ccfacfaffd61fa560249c745c1e8fef

SHA256
d3a2654509cea93df8025400e4401d837a7ee1c2b09de937cfacde5d2bf2129e

SHA512
29bea7d4537a676a676d10d259fc3580944625ce2e6b6954b6164ca1dfa628c73272b8432afdadade7df3d34a11f5eab73eae2d045ef09bf2034598c25a4c6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
997e1cbffdad557056bfe70c9f9fcc2a

SHA1
81aafc2aa24d0be8a9280a9b4f77c52e7f7aaaa0

SHA256
baf5165f6897f554a6300008dbcd41decfd5829f7b203a45a98f29555b281e35

SHA512
37afe424695ef660cbbe1185fc1314f9dd7329cbda3a5cfb479b5665f128d1b36518534acbfc0eb4ef572ac20ef5932f472b35465c6b1375e4921010dd8399ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
7df4925b16f1b879d119423f4fb88715

SHA1
bfd8f09d87dce143a05d4c7884c5f8562e166788

SHA256
b4f80ab1de4e70a5b91220763ad6d11e608047d481f6f6e56b12d6e8895e39c2

SHA512
f74a2a72181092195c955366364b6f3254222db98ef0db7cc3c69f3f92d5b9de1c277230365d38807a101398bcc2a6a49680abeb753cc7174ab85ec398c45b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
415ea296441ce2fa314d478faaa2f289

SHA1
7664a985969e7b08442d1bb92656935770170a2e

SHA256
6b6706399e420225a215c3661261d4bba50c5cd67b4200dda12fb067bf9ac78a

SHA512
b9100f8d4953812d5fb25f5bdf10c73f23e31bc30492646bf3ec7d6a1d05621e2903012b996fe173dcc08723dd6837501e79a8e24611a544609417b5bf04e7ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
12cdb154678f0d33ff8e4fc1efeb4642

SHA1
4719e49e98f140f086d3bf267491ea94a80c83de

SHA256
376132a616d139b01e21d4f644d6f577f411f072c9b0715790fdf3e0123a89db

SHA512
670f55062b197c9b697d3b440263f66f4e6be7296cdd61e99811766f274281da309393b075e527a6d5e09620b379ab35e3a91a70a98d6efccd275abd09ee326f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
0f7267b97e17f8682201fda5d104ddd1

SHA1
5e860bd31c9c952c1929fbfaeea7a10804bf0f37

SHA256
1f0907515729487be0b3ead188517119c81994aca8da3e1e654ee0e7ddc1c321

SHA512
a58decf8cb2da38487847312caf750512980971e845000b4aa120ff7fa42b8add403179d4a063a4f5289a773ae98c2f1100e9d230a510631a09ae46fe543abd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b3755385b090b6ce2ca775837eded4b4

SHA1
4345f90ab488408ca94418691de843db48fb579e

SHA256
bbd8d66885d76efe0537abde3126781694a9d6c20edc26024b545c5a9904b2e7

SHA512
cec092ec16df334c5e69b48295b8a7e9a42244289b3e50335cdcc9e7d1aeca75a639fcb81fd4d9524fe5473feeefed727f14c76e4a3ab8b030c155f06581e498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0be1293791c83729da679f801a1df777

SHA1
dbbb2eb97d42407a44147c245510668ab51f5f89

SHA256
e4b0525ca925a2c9de36de6028a148654a65edbb29bcc991b693825bcf1449af

SHA512
4be3cb901c0912c68146d43c6b1879e99cbaaa91824162661c43b235a367c26ff10c02121162b995d903ea747abd129b9898d525fbb51af23827188b9ca83e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
9a213e54d024466e4051b72856db8d07

SHA1
d2aaef99173532291bb8645ae39ba49ea60f6dfa

SHA256
15cd4b77a6225e20a58812c4c502360ee004407c56e182f6f27b473772876b51

SHA512
80a69c9e701120c0898e0e101cf05dbb0791fae5207a46fd7f847d64215b6f450e1e1868ded06886595b53c9387944317cad4e559342dca77c89a239f2ce57bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit