0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
Size

1.1MB
MD5

be860ae17a4d0c01b0aefc289e4fbe57
SHA1

773df53f0a3e16e933fbdde5a9ff1a41223c492e
SHA256

0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3
SHA512

1732fd6010e178b1e31bfdf0738c042ad6e2a64dff76a4b3710e37ca845a741813d8504fbd61fbefe91b2fa8b13b71ff973750a304313426986b3ab099641624
SSDEEP

24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8auV2+b+HdiJUX:ETvC/MTQYxsWR7auV2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583184599443218"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{212096C8-E32D-4F5F-859D-BEFDF0A30B0B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1412	chrome.exe
1412	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1412	chrome.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 1412	4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe	81
PID 4080 wrote to memory of 1412	4080	0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe	81
PID 1412 wrote to memory of 2744	1412	chrome.exe	84
PID 1412 wrote to memory of 2744	1412	chrome.exe	84
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 4036	1412	chrome.exe	85
PID 1412 wrote to memory of 900	1412	chrome.exe	86
PID 1412 wrote to memory of 900	1412	chrome.exe	86
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87
PID 1412 wrote to memory of 3448	1412	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe
"C:\Users\Admin\AppData\Local\Temp\0eec54bdcb8465c8b43d3b8b297fb5d482e4c43a1d74a94cd75e73361b047ab3.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d9a5ab58,0x7ff9d9a5ab68,0x7ff9d9a5ab78
    3⤵
    PID:2744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:2
    3⤵
    PID:4036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    PID:900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    PID:3448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:1
    3⤵
    PID:1172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:1
    3⤵
    PID:4600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4160 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:1
    3⤵
    PID:976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3380 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4388 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    PID:248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3040 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    PID:740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    PID:2348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:8
    3⤵
    PID:2420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1808,i,14763666514750253071,8363935111029505979,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1456

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
9cb86930dbb67072256c813570fee869

SHA1
1871bc060a2a57a07c5321f4eef29defd869b98e

SHA256
9a8b215e8000af2c805f860295fe14c53b82de8f5817ec60aae0fd57259b9877

SHA512
80886b388a568755efa9603831bacf3339a4eee279c1aee2146f44172b21ebaf3853311ecfad3dde4163d6de871572d2cd440bb02758912ba50be106672178ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7aa4e4b10b332508dc06778e7069519f

SHA1
3e3c24a8e10c0c732aed9193e5d62b475de4159c

SHA256
13018667af3c72a2d3db0b64d2a2988ee5804f5e68709b78d457d00eb3f525b4

SHA512
424405529d06e704d63d18e3ebbfe331bcca194ed60ca2fd44eb6e4e46465ba8c82339080ddf632412e9d2f0e867e65c376dcec2c29d67951eb006eab79403ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
89d32f58081bdabb4ba005460f81718f

SHA1
3e8515044d77c4195b9b6b5bb341fdf35e2093db

SHA256
455fb3eb11dac0434b08ac30f884801f4f8b449d0cd6560b35a9fb4e73080b98

SHA512
1124d2e403cf8c83b5c08ec2100fa8397939c74ad9fbff48e1f4fb2bbff15155c012af1c6c96063185f1a01fa11dbc39a8dde570a41de8877d166938e6d03bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4807d3fd15c47394b1f19fec22a3a0ab

SHA1
c99e20371c0558e9bc1686e03937ea27faa851be

SHA256
cc9d9e9915236c83d9d577eda3b45a581147dc057fac7bfa6a8848f8b591336d

SHA512
db1e3fcace5d9211c73ba686e49eec5f4394c4e2ce13983c163fdbfa8bf7eb2202410eca1a1fe5f1a135eead198096112b6aeb7ec9daa4f6ec4bac4b543282a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e9a64346e3312d2aa45d6e9a71039e32

SHA1
700fd51b309e9d4176d4779bcbda4f0454320db4

SHA256
64f00a3878f2e1a118157a15afe84b555148436c477cf66d4528a44336a0f014

SHA512
d2eebc097e74464a79673b42312a35fc220dbfe5fb777f9b5ede1e9b8f66388002c5780f6c68951538542b8836d94a0359f4a6f28cd39b8978cf34d9020c7ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
aa9f77cdeeed6df12ca4715d109400ea

SHA1
144b0328d8c5dfa971c9781fdc6c01fb7901bc60

SHA256
ae079942a4c19564f32b516f07c887effd9873079dd4ac83fa80d28d28655249

SHA512
24d73005df6ca01cbf5a17611b8d8b1d2de3682a3fe08293d54cfe4b4ff50d9c8765bfceae7c00ba8cfd0d3e7effdf2ae33bbacbbf54bdc7013bb2915304922d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5dc8b54e02619e82041063b366eb01e

SHA1
fe4100f3f0b1e586c1129c1ec6c76be7e84a6ca1

SHA256
4203d583c3c7d67593ba2260a3caf116bd50c19b835d112ca65a98eb6fbc9f4f

SHA512
a5212d3f3511058bf190ad80483375af6a958f19b6249af8cfa3b2ed4d9a99f9b648b0be21a64c2a87fbd775e6fb8fcf0cbb22b5200ae9c688ab3934a283332c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2544645362d3c039e506f34228ec34fc

SHA1
9e597264ad7dd101417519c37df1f758cf2ca72b

SHA256
c118b0b3f75c89e0091cc95f3360334dee81ede594cb4cb652bfaeac52f8535f

SHA512
70d153f22f0dbe4a2e8e351dd65d92f407055fef657e8f08eb65bb7196bbcede1da61d7fb4c49095a6f43116609dc9dee5b0e2888250ada2c0eeb81f9c547e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
a3e905da4838743baba8f7cd331a3bd7

SHA1
ad21e8f82ac4592425d3ae06feed4d149a23fe74

SHA256
8f78e9f401eb62f16fddebaf07f4610aa232b94680eca7728253098fc5315a1e

SHA512
c4333d0faedeecf8897bcbfd74f1a6d45c985fade5ab31ea33bdc4243c3f6948d6cef604ac266fb5f9b40a415cc471724bb67f48944574f909388d066c6883bb

Download Submit