fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22/04/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
Size

1.1MB
MD5

5a4b67ac68acc8558b7209be42f8e79b
SHA1

0e47233a20eef46680b8e0b3c61f962639167f43
SHA256

fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a
SHA512

d49872c5903a11cf09b0b59fd9e0801973b13a22e85a6523ba97b22b462ad67454a4110d0d558aa9b608fa838f4fb7e3766d088d7f287095233974e2f8a53bec
SSDEEP

24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8auC2+b+HdiJUX:KTvC/MTQYxsWR7auC2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582839682561688"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-834482027-582050234-2368284635-1000\{481C6F15-6586-4FA6-BAD0-30FA01605259}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe
Token: SeShutdownPrivilege	4284	chrome.exe
Token: SeCreatePagefilePrivilege	4284	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
4284	chrome.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
4284	chrome.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 4284	1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe	80
PID 1156 wrote to memory of 4284	1156	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe	80
PID 4284 wrote to memory of 1808	4284	chrome.exe	83
PID 4284 wrote to memory of 1808	4284	chrome.exe	83
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 2280	4284	chrome.exe	84
PID 4284 wrote to memory of 3900	4284	chrome.exe	85
PID 4284 wrote to memory of 3900	4284	chrome.exe	85
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86
PID 4284 wrote to memory of 1092	4284	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
"C:\Users\Admin\AppData\Local\Temp\fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe601eab58,0x7ffe601eab68,0x7ffe601eab78
    3⤵
    PID:1808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:2
    3⤵
    PID:2280
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    PID:3900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2068 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    PID:1092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4004 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:1
    3⤵
    PID:4144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2996 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:1
    3⤵
    PID:832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3388 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    PID:1060
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1120
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    PID:4596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    PID:2372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:8
    3⤵
    PID:4564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1808,i,6843109397490668590,10666494486432709420,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2520

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
4e071cc14150e30eac12a73610ac51e3

SHA1
36cafd9b2c8eaca29fd6bbe53fc1230de091ec6e

SHA256
377359328f44d60dfbfcd7a790b0ddd47852bced59db41795e627d432adf1ff3

SHA512
4d231e20e1feb5f24328f4c7de6cdead14251d7a6c94b9cf7940761ed34ab249375403112e07a4c9e230f77d994934cbaba8f963651fbd33f4c62428ce651fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f7c9d2a94b4bd00c01617425f49f3602

SHA1
a9056f98382c640877ab942cc75294597859265a

SHA256
ccc4cc212618bc68cd785423d4b7aab82e48d8152c2208143bf1a31a41809245

SHA512
3abd80ad3f796322ba21cebb722b95a5495e2c4da1107fd0f042492682411c500b2b63dda8c15f12f5bf310e701904bc45393e6c93edf590b438bd84d60825b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
af10def56de1b02188216d5ed3282ca2

SHA1
bd211f4fccaf2c75ef464883ad4a43ededca3d49

SHA256
025e684d286532309871479279dac57856b2d5dbc2915ad2ba41cdac757d04bd

SHA512
2b0a7ec8b1c80558533ce2e640f006da634e60f7011e16fd6cdf9f5cdfd96a1c764f157e4c4a181c137115747708d32313c145119e5e3ffdcd73d82276052b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
518B

MD5
9c8c95daad082d2f440fafd0c9f6e493

SHA1
7f7faccb96beec9e5f982d33b7d51aa3cb60950d

SHA256
ddf8ad7dfe8a5015cacba07429488dad338b6b3fe1d003ee7d924f8d12a0f7cc

SHA512
14185fcd9eaa850e40164ff0a00b4e9d6096a972743a59bcbea578b6345b85db5551c5d29e042b716882df8d55c725d4e2794e2e6d89624b8957e7ea0390c206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
518B

MD5
2faecc74e83cb44039b5017eab1b1299

SHA1
f7d0ee6416732a1f2a6adb227ed4f1d99f1a595d

SHA256
9964c25e469999a0e81efb05b1ddaae2e34b0b897bb862d68910e9719beccb4b

SHA512
93269d345345a9e4672f0f5ca7409ffb54f70f6fb43cfb677e109d92a817e4b1661432af2cae56e367ead08e2f6703a96d84a48f01b10ea868bbce8c756fae27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
9a4ca460b8254a58abc719a477917c9f

SHA1
411c0f32a01a2c0bc031dbde0cb8899866815e04

SHA256
65aed4b4bf5778c31aa2102b77bf3ee3870df6da1572e09bb869c76fb3b1b2e0

SHA512
a4b4396ff6af14cdfaaf85fdd8e0f7011d8c8c955ee85ec279ae78b2a9b8cc00fd592d2ae6ed68e358c470e7bc87184ec5ab04351187a33e4e3212f3ffd2e2a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0884686612564caaaf27b786d625a2b

SHA1
8c4e6bf1032ec582ad181231ddf41feee6319fa5

SHA256
99ee3136750efbebacaf73d093a540643877ec691714c8b17d03a2857f442960

SHA512
7a4349548dbd69d4c4e9bf9bb616be3e4288f1e7f6cdca420642f9802981dfa20c88da54b44a58674cde277cd9c8ee629b0134bf79f2f96bd5010f59fab9baef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
19498facf62671f06edae0ff85d3b6ae

SHA1
073fa1b0988a9de2a63fd3e940e2161a5a43d86d

SHA256
38258923befbae87b5277924d8d21ef7b02ec28bf4d598100b2efda4316ea451

SHA512
556014777231abf64801e754cec519d3c256126bf2644652a61dc69c2c4bfbe0c2a6441827db91b2bdaa339ba09054b4c83b545f38c1b1e315c416c0aefaa36d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
3a5770219bab30780838ef5b93adf19d

SHA1
7507e4679d4ee4e6c54a160324e6431227b28760

SHA256
49578e97d41b7291285260fe9f12a6eb0ac3bb303540db173cf3666e898d615a

SHA512
d5521f9cee4836a4756bb127c1d1d1e1b7e2ab953c458b6a127fffeea3fad6e57c478cc5d6064f1b42a854d594e0f21cb03acc9b4c42ff10b0f7d7968f32f232

Download Submit