2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932

Analysis

max time kernel
299s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
Size

1.1MB
MD5

1d1decf24e6a4c253a2a48e17fbc388f
SHA1

6b61bc6dc69220f67d3912f6bd1290edcd7103d5
SHA256

2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932
SHA512

54a5faee6b472e93bea4b3a73d0938e4264545c816160150cfe29f9d77b7a86b18c9fdf4b4e3618b426aefe2154f5915067eda2fb4f9e03ca5f40b0735585592
SSDEEP

24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8aup2+b+HdiJUX:QTvC/MTQYxsWR7aup2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579529159052072"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
620	chrome.exe
620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
2564	chrome.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 2564	796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe	73
PID 796 wrote to memory of 2564	796	2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe	73
PID 2564 wrote to memory of 4416	2564	chrome.exe	75
PID 2564 wrote to memory of 4416	2564	chrome.exe	75
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 2124	2564	chrome.exe	77
PID 2564 wrote to memory of 3788	2564	chrome.exe	78
PID 2564 wrote to memory of 3788	2564	chrome.exe	78
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79
PID 2564 wrote to memory of 804	2564	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe
"C:\Users\Admin\AppData\Local\Temp\2aef68af95359b80ca2b6f4298709b7810b6908c93a245bdf78f78be238c5932.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd11a59758,0x7ffd11a59768,0x7ffd11a59778
    3⤵
    PID:4416
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:2
    3⤵
    PID:2124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:8
    3⤵
    PID:3788
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:8
    3⤵
    PID:804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:1
    3⤵
    PID:1816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:1
    3⤵
    PID:1884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:1
    3⤵
    PID:4296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:8
    3⤵
    PID:4196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:8
    3⤵
    PID:2692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:8
    3⤵
    PID:2184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 --field-trial-handle=1840,i,9323174435250966450,5080700456777749310,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f2fdd0124e2e1fe934dee90af3f36601

SHA1
b03be41b98b2da39115e5944de2cf32f38e84ad3

SHA256
59761e0cb95cd04ede77cb10699cec0b998d1ca6324e260290f9fe16c84e39c1

SHA512
3ffc9cd4d3d29e29e39e2537fbd642461ba8765814f7f8f2f03e65b4342f3ef55e64cf9c570408e0ffc6a561a519d9c677220c13a91379925b158fb617cbcadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
91402bcdcf5fcb4cc12c85dd78718793

SHA1
18086f7ae110bb893776104a8e282721ca8f82bb

SHA256
12507258d648f3e0da7174ced4fdc4ecf09fbea04a24f0e4d9144d33a225b089

SHA512
8fef66a376fd928af45d0f0b32b8c6ae2676ee8f8abf8a4536c52db7a87bba77feca2bd8ee309d3dd9a8e27b79ca6d0ea65d4236e1874ae454126d854e5c5c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d8f55546d0c7e61f8682dd8330bfb581

SHA1
38bd8c3833e3331ae96d35575a9f671e8138bc31

SHA256
e2407a53dd36bb7e2dac3b90cab864e5536f3197fce7bce22e2c7ac64f6e1a7f

SHA512
d6feecf963ac3397cad211978810336dc4d8b74c6b486b70b6bacff4485b6b86dc5ddcf8483b69d1c16c8e7edf0fe3c35cbb2c6eebf553e6cf37714e2034c102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
f8f846d623c69eac36f0d27412b5cd52

SHA1
ab51fd9db7a1b61277eb6924fe57b3f32e0aab99

SHA256
078c8e4954ff0a4bf4f9e674eda1509f9b2a822ec6ec0b6fd787353e03eb99a3

SHA512
0b278a70586df00fc68f6d8b5edce6abe83364e3df4ec4d1e8abec82cd65e29834b5f37829cdc29766c71c4e534e8a79c8751c8c3a4fd11ace34f36f00148f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21b16d9a4b84bbaafd4a79ef77de7776

SHA1
cd8de6d0077247b16f0596f2c30dda635ae8c55f

SHA256
6660c7b8936891a494e3aabc799673e22ec13409f38330e639423f3360727487

SHA512
4d0a1aa43372b413a77710a22e808b1fca8a6ca915d30ad80abd599eca819dd4e97a1ed46775f8564afbba09779af3558d9039f4e73ebb89370ccd269537e901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75997077cfed5dd4a0e2ec0122ff4ab5

SHA1
c4e58f0dcee0a6d60138b475977b9d6fe6cc37f9

SHA256
486ca3f50fe2887a575ef0ca380b7a0fd51dee0ff7d7808e7daf478928ac5039

SHA512
2ffc2d97ce5bf2d8d5f8abab044a60ebef55a2c7ba802af2f9965c490140dda4b9fd0bf077151f9ff1adaa68bca616a3a27ebf60eb7f71e4d0fe3f3d5e7e4a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5efaab9b6c951cc975d26b42ec81f1fc

SHA1
59f18364db50a566297bed3941240d25f0e56e24

SHA256
7ea5608b5b60f97f9ca5ca6bf32a11640dd80e50fdde879446e3cca53da07e55

SHA512
b1e8f1062e5afedc844c4a3f9d29ef6f65fabe022220866c238d2e74ee7d3c5fc11cf82843b366d3caaf9ebb61e25bf914cc492655da56aad281eb55eb8a97ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
0c1659a828147006f194f8abbf86d6ff

SHA1
f47c323be3c0e6fba8051a54e0353635a55a5e2f

SHA256
645a24e66487f6b3714e41b6aafa7e8078f38c26e48275bfbc8faab11761198b

SHA512
84db7a5f8fd44297c6a8f6659346c44af920d326961c9f65392b57247a52ee81c21111dcbb182e75544a888d1c9dd0a3cedd778dc4783c98d9d02dd264fcf357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
e8b1ad0ed80f014309ca8af9f8503791

SHA1
abb462a01311067d0af20c2cd5f7935ca45616fe

SHA256
dc41003c142fd29c3817552924117a8c22ff515d0824a2bb7e478e93b45f4b40

SHA512
d9c4538b06ca5e2ec8a98d2f85311da78a4e0e575ce0cfac4e73b827c3b65c5301a304c3018479d50f9c3de40f2aae45a2f2387176dc7a468c107d8b635316fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit