0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
Size

1.1MB
MD5

be860ae17a4d0c01b0aefc289e4fbe57
SHA1

773df53f0a3e16e933fbdde5a9ff1a41223c492e
SHA256

0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3
SHA512

1732fd6010e178b1e31bfdf0738c042ad6e2a64dff76a4b3710e37ca845a741813d8504fbd61fbefe91b2fa8b13b71ff973750a304313426986b3ab099641624
SSDEEP

24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8auV2+b+HdiJUX:ETvC/MTQYxsWR7auV2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583184619135058"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{DD428EE7-563B-48A2-9DF4-282FB57DD4BA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeCreatePagefilePrivilege	2192	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
2192	chrome.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2192	1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe	89
PID 1952 wrote to memory of 2192	1952	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe	89
PID 2192 wrote to memory of 1620	2192	chrome.exe	91
PID 2192 wrote to memory of 1620	2192	chrome.exe	91
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2776	2192	chrome.exe	95
PID 2192 wrote to memory of 2916	2192	chrome.exe	96
PID 2192 wrote to memory of 2916	2192	chrome.exe	96
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97
PID 2192 wrote to memory of 1904	2192	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
"C:\Users\Admin\AppData\Local\Temp\0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff80b2ab58,0x7fff80b2ab68,0x7fff80b2ab78
    3⤵
    PID:1620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:2
    3⤵
    PID:2776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:2916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:1904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:1
    3⤵
    PID:3412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:1
    3⤵
    PID:1192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:1
    3⤵
    PID:3376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:1
    3⤵
    PID:956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4500 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:1568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:2452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:2784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:5048
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:1248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:2880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:4636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:8
    3⤵
    PID:4104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5532 --field-trial-handle=1956,i,88519546483969494,9441696572350264185,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2408

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
293a252e9a933dff79e6b738362fe982

SHA1
b50cbcde04b915654924eb457f932d6f7572d415

SHA256
65dcf1db3c8e9dc9891d9bcf582efc8d85682e1545f4dc52749cbd38fa5801e7

SHA512
541b1866a2efcefb406562eb75b21ade6f3f5f48a7f76d309bfc63701e67290c66868ea02cf86eaacb6edf4915bf2f45573434569d195bf2241a7725d6d2abc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
00d5d85ccfdce688977b84b7a91fe9d9

SHA1
81849286aa845edd69d29a20b1bf64758fe514e2

SHA256
2c418dcf7db8d2378f5cd04408c9caf8d156e70544e5464396b27e32ded5c805

SHA512
0b6711bf3044c6a2b19b50deaf702a73864d499eb89cd95843c62d7bc2d92bd80aeea9debe114350ba732a4692e9292644c0e043102b7a52e4430d15896c2fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4ed8a188881fea0de83439aee7fe5f51

SHA1
9f85ec643f98d9a178cc9f5492740524ac4ac853

SHA256
c413f95a310c2be328e938e10884fb5e9c1d41feeacc6ab7a569ba454694b7e0

SHA512
0a633d7ccd571b88ba1e2764c344ddfed3711ba0fc161593d2e262326d0a151b096440af233e6b350cccbcd5270b5b0ff47093ad8a507630c38f64ceae92eb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4a0a083a5cdc24507c165c3d2b4ca3c7

SHA1
556795bdeae8a27fbce1c6a98fed48886b463522

SHA256
38b66724c4ab2dab21fe379e848e6e076bc41bb334d8348824cef52c99777879

SHA512
d10d0500ef777e8dae172c33c511b1a082585244f3c0735d14405a3b12563e5d4158bbc753d1239d2929aa534b01cef609ce982015eba3baccdded93d9c1a662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
201e9011d5e9a7207ca59e6e6ea4ccff

SHA1
f23be6ae463aec5367202e2e3ba3560d3ec00a72

SHA256
bf2ebe8ccc8577af5a8ef3e86291e31fc6196817b5ce8c9bfcc0248e74b67be5

SHA512
0ec03c7e805eab3cd400535c6a2febbed6fb74b720a50d02c779312a827327c2f5bf416a9e4fa465ced9dfd4992b5e4cdc96576f1acf09af6f4dcf738cb92d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3bd45663b7cac32e8bba548f8d10cc01

SHA1
2b26073990fe7b0644861dd59f567530be7f96f6

SHA256
aca61aa273a28783cf98c7839f8ee9b0e8cf273a117c428d870276e829cbec0f

SHA512
77e3631f750f4e624dfc99a8a74ed0de4ce6c951f6ef2b20b395ef35f5e85a9606700362bdcf4577ecb26697e9fb997c1fb5fdfb580735b9e80cddbd7f7d0f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
49d61e3fa2d5838d661e9913a302234e

SHA1
cbf82c8d230f28a5c6de99155fa81f10efc45e55

SHA256
f87f8a3f03067c2b91b5013ed5faaa6cce866ce8a08ced272015d923ce02e736

SHA512
0fad18f4f3c797170baa935843803cc8b2c35dba863b7b81343b33e232588d849bb38c16980fbecf326df90a4875e90d09ef714df1cd51f0b9bd676688215692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9f1b1fedecdaff750ae030d482c0f8cb

SHA1
f93454ab232cf289013283b620f13271aa7cb50f

SHA256
880d89d81510d4c0c96a1fca156912a2c48cffd94edbb8881b5342372ee38f7c

SHA512
3629425085ea73f5eb3805f89572e90c1afbec28f55627d12073e57ef203073724d655371a28fcabdb3ffb0f9233d67a5bbf4b2e2263282e44503115b51ba784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
a5362ced04de60e757d7da0b2d8b7991

SHA1
15a3eb75f4a235f7d7092e0d121ac6e9a1bec36c

SHA256
c16bc67052f9856d73a834a77bfac1bf3b8358d96e625f28509ee2d39769fad7

SHA512
703a2e5f9003ef30bcb4bf11c77094fb4063a3871b68537c8aaabd9464a9df5c4ecc4033c2b03dbb6ca29dcd8824a2db0726a11b82b677ed63fb026b9638e6b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
7dd1d332ef4a2b01b1dbb5731f3da304

SHA1
f187fa9fbf456e53843631f1742ee6791bd970d0

SHA256
bdaf0a0b0252239a2f3cc9c19bd2490ecdc912f5fdd319e50bbf715acd89c1a8

SHA512
c44a79f59e9fd0f9b7479e3f8b1cd94313c160ebdd9adac02587e0f7c83668c15958be71ba29435cce1fdf6199790c9d669de66705c6d12268e27eec31e8dd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
fbacffd1df640e64b22aaf62038f3715

SHA1
ca30674aef5df73790d2a3327cea90c33ade9e34

SHA256
111a28c4a3f04f414919f20541dafbd2517488effb24e033b4880fee19a7b01a

SHA512
c84eb51f3f1036b5472b16778a068d23e777e628aed68799ac97c5ee2293750261d668c10298fd5e71da328d9576d54a7211f6b32a8d9ebbb5676973b60398dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
e77a31dd40f181617576c91494b8608d

SHA1
ca45a0207dd8adcbfffe5613270b4c6e26d24c7c

SHA256
80866d6daaabac03f2421efc775e3852d965c9882c6d77e3a4103a0429b1304c

SHA512
e2da3e0529bd57c1292dafd6cc5c6036490198e8a51cf80938bc69182b9f9c9fe416275a934060ffc5abf257ca89b6f2ecb0f39393bee0137df1b1ced457507b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
7f622bfa37f982c863a60df9928b95da

SHA1
7db321d089dfcd0fb1d42ee3285ab2e12656a577

SHA256
27a4b025f2706e330ca6f21bfb8f36a72157f7695bfeba79f153f34e5a95f943

SHA512
20a3cde272a65e4e4ce2d761cc79d26ae61f1e1e5b27029fee52a5217c1fd033d031d219fb751f05b09db9ce623358bedbd432b896b0ac13a8550bbe1e9d436b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587191.TMP

Filesize
95KB

MD5
b2cd6e3a529d3ee04b08055efcf34e3b

SHA1
66ec77600836ab62b39b64663e166c37df901249

SHA256
48e14229d8f5055d43051a49fb2f49f638ff0a2d4f1b1e5a1cbbe6a86c0bcc4d

SHA512
8f4469eab2d1bbdec1d14cdba0e12531ade464d2553d19486051828fc7055251f83ebd372cbbffba993d0cbff32b59633a6358411dcc2cf601b435804056aba6

Download Submit