dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416

Analysis

max time kernel
299s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2024, 23:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
Size

1.1MB
MD5

afe0d5fa1956d8a29d24c9776d5f0992
SHA1

1019105f592fc3b41c5b160079587fc99c14ba28
SHA256

dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416
SHA512

424345ed950f46c92f872495401090002daa3181ebf6f6e69ae3e23cbf58b205176fd4550d2326b2f5536b6000cf721cfc9bdaece2f7d223c28667c4ba1f13ac
SSDEEP

24576:0qDEvCTbMWu7rQYlBQcBiT6rprG8auE2+b+HdiJUX:0TvC/MTQYxsWR7auE2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579555935499781"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3560	chrome.exe
3560	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe
Token: SeShutdownPrivilege	3560	chrome.exe
Token: SeCreatePagefilePrivilege	3560	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3560	chrome.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3560	chrome.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 3560	3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe	73
PID 3460 wrote to memory of 3560	3460	dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe	73
PID 3560 wrote to memory of 4752	3560	chrome.exe	75
PID 3560 wrote to memory of 4752	3560	chrome.exe	75
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4820	3560	chrome.exe	77
PID 3560 wrote to memory of 4368	3560	chrome.exe	78
PID 3560 wrote to memory of 4368	3560	chrome.exe	78
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79
PID 3560 wrote to memory of 4536	3560	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe
"C:\Users\Admin\AppData\Local\Temp\dedb31c8a33a049f17d613e66c38d7562a97e59c604ffdcac3b7b8766ace0416.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa3e049758,0x7ffa3e049768,0x7ffa3e049778
    3⤵
    PID:4752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:2
    3⤵
    PID:4820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:8
    3⤵
    PID:4368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:8
    3⤵
    PID:4536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:1
    3⤵
    PID:1424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:1
    3⤵
    PID:2248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:8
    3⤵
    PID:3084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:8
    3⤵
    PID:2756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3164 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:8
    3⤵
    PID:4392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1788,i,12128859242127111513,9812248698454556838,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3e2691d697a10297d7b7c0c9d4aa6e19

SHA1
494358559ff59016cd69cd78ec77592c38623d1e

SHA256
b0f2cc6c75326bd27379f5bb0e96b94221a02dfda722d6848d8de7bbcf73a4e4

SHA512
28366c5a5fff6794c57a0d16d848ef91e622a7538276d4a483c809e981c059ac73696c6627d572e88f19e3b2ffdc800d720ca07c4e08af0d5ad7525fc9e28542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
89ba27102c83caa54b8d5dbabe53e6fd

SHA1
8b3adc8085bfa5ede4a3c25ce34e70d8f9d2bbef

SHA256
edaf31a57f3f717e260ede8bc5a0f2931bf3df3ff6a8f48d66d0e9100f2fa807

SHA512
22975cfe845077bf31d83380128fd816f3b250e6686cc92ab57d9bdd39e494cb94b61533379f43a12086b5a229fde15050f32b24de8a86b9d2238900d4c582ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bfe1af55adabcee9a1951d86d21d7a81

SHA1
3e162bd1394a06c9ce255df1a88d18849516df7d

SHA256
34d2c684a9604bd5723c76c6e514a89941c782a550adaa62200fbd602bc37186

SHA512
6a59b16e541f149e8acef520cdf7e5de46290dc1da4c168ce8163618c3ba36b490532f4e44d0a93ee780d3158d4f586436d159e7d8037bf7a6bccd5aa44a736f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
0fe6e0fe446fecbd84b30fb120df3edd

SHA1
eb422c3e4ac06c978feadbd9645dd75143d02b21

SHA256
d33c4570db862d334bab304ea90c378d8b50036b35cbec26e6afbd2ca77aa3f2

SHA512
4b22b43de76fb6cc737742a8bfdc6d728d03cdefa6374df6529f9579d47eda834d0a4680a76d92970989a3960ae9f9d7d05500f9c425d062a0b4a78518dec6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2220d75dca5a2c48f463a2f2529ea3e6

SHA1
1a3f1a51c969a81ef9547f02ce8bc80d8e6c5059

SHA256
882c68771f9717b910e5d18436e8f55ba1f7eca994e866990e3c19d3b9b806ac

SHA512
c02db0dd5742f76b2f19f23b40b93b0eb340c4374139a2e83bfcacd0e28b1576b2374cd6a924d190c0e6439b3b6851d7a799948086cc131b19065f653a0cab64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8faa054f64693a4032032678d00649f5

SHA1
69ce858d3f698f5aac2618e5ee2150c461a94177

SHA256
5001fcdd41622e84c1b5317afc2257346d869b781f7505d5c477325c46f4ee61

SHA512
8445012b5865b8ab7b76785eba528609cd8ed209dc55a03af3c0c26982f3b39413bfddaecd3c87ded01b07d9f1b6eb21fd76c2f4f09aa0f65ca9459f960af5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d26daca51ceaba3cf4404cfaf3f60e1e

SHA1
88bc83bd44fd7ec1869a44fbec31866d24dc58ab

SHA256
6ff6b368d353d772a7d7ee864a8629814faedc64f5366e1e3dfabf60840d40d0

SHA512
bd4c78020e7e2ff331b103ee71267be03feda24ee157490d1479adedefeaa19961b1a5e18d7918f290aab967b78446c176d87859f7c66350bd80eceae4fc4ad0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
43f0f96a906e4ac6f273516a13002323

SHA1
47910ce0651473a7676a163964ee6fd90209cc96

SHA256
1a636ecb89045241281b5986296b55e516ef8d66fd527af6aa92900046052f21

SHA512
7434602f3ad9d91329e97628960ef0850accb5013c6c84984006148e7f07d57676aba10251a7726f1cb6b8b9460cae6c1cc13313b80f78bdf372d2c6f2b9ff76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
bd696a0132c60901e6efdec54a457ccd

SHA1
ecc2053e819289373ccdfa1295e4bfd402939048

SHA256
fff8b1cd7fb62af91712570c59f2bdb42511ec7c9f8ca38cc1ff742fd279f801

SHA512
9f1ef214d9bd63b529e7c755563236f3f4c389aac57c1c8a169b2fd149e6e999a711b829300d9270aa888151b30789c47d8362d2f39f772e8f5da7efa268c021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit