8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
Size

1.1MB
MD5

d59dcd5bb7cc84f38693410450d5704a
SHA1

5bde842b5124849ddd2f4d8926dd5a97fe671256
SHA256

8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66
SHA512

27649ef8e4dfcf5a0063e333e657728c13095acdadd39f966d816c553fd21ac811166b0ccefe383b12b11c20d987ed3266091004c172568a42340660c4c21376
SSDEEP

24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8aus2+b+HdiJUX:BTvC/MTQYxsWR7aus2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583579477304530"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{9E9BF085-1EA8-4732-B7E0-4D7C68DB7BC3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4252	chrome.exe
4252	chrome.exe
5560	chrome.exe
5560	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe
Token: SeShutdownPrivilege	4252	chrome.exe
Token: SeCreatePagefilePrivilege	4252	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4252	chrome.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 4252	4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe	85
PID 4164 wrote to memory of 4252	4164	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe	85
PID 4252 wrote to memory of 2308	4252	chrome.exe	87
PID 4252 wrote to memory of 2308	4252	chrome.exe	87
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 1616	4252	chrome.exe	91
PID 4252 wrote to memory of 3856	4252	chrome.exe	92
PID 4252 wrote to memory of 3856	4252	chrome.exe	92
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93
PID 4252 wrote to memory of 3716	4252	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
"C:\Users\Admin\AppData\Local\Temp\8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97facab58,0x7ff97facab68,0x7ff97facab78
    3⤵
    PID:2308
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:2
    3⤵
    PID:1616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    PID:3856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    PID:3716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:1
    3⤵
    PID:5072
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:1
    3⤵
    PID:3320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3444 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:1
    3⤵
    PID:3140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3592 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    PID:2168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:5100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    PID:2504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    PID:4148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:8
    3⤵
    PID:3252
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1908,i,8621683226994114796,17003981396962954581,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5560

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
362328cfed76eb5d2aa989e86ecdc52d

SHA1
8c07243fa306f99ffbd103434928072164b8d006

SHA256
d9bd190d1e88a7c14a90e9b38ffbfe3fdea052df05d88b2059c530c6d6fdcaf8

SHA512
49a64bfc3d14603ddaf2e34f0b4bea9b1316dba3fde33ce56dd5c608be90621ee331c357b7c8367bfbf07ae6a2b49959fdc21db688cb9fa96e412e689847cd66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3a2c79c0576bea7a256f6bf30314cf1c

SHA1
2ab0256adf013c429e100be7dcf7008d3b83a7c3

SHA256
9bfedc6a98a8e27b511485719a6a6ea082ddcb7bf74a2d8cb75a37dde84636c0

SHA512
640545385d8d63554cbd9b5350044428dc7c96031e374c47557e1e1deb6b6efd9694b628a9e7b0db34fdc3cfd31eab651eaf8dbdcd69998a1297bec594d58966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
732e63b967ac280eba5c561a01b0e345

SHA1
5c0484f4cf827c68d7636e2cdaf1cc94f23ba5e2

SHA256
b8f86907cdd5ed1d356c184584a0a42c1d063be846fc28c31a0ce3d8b275d02a

SHA512
63e5d353fa52a711dadaf07601a7acced27cbb3393695475527d9941569697795309bb2ca63320f7069f206e5dcaa2948d3d962bc391e57ed32047561fb5568a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3bfd8e351ac497f90f263a08b91ebddf

SHA1
27afec1d1c4e439cb91498faac226e717f97e1b2

SHA256
679a4d39681e01c2876aa719d72e362b15bdf669c197cd6576c0eee1a80bccc1

SHA512
aebad3d9d326a36a85e53135d38fcea3757c5bb1229a0ff8762d787d97894185c69f9203346c3134277f7ceea6a7f12ba7a7b003592c1b3ef5ddac10467eac5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e56c29b2002048a9b7ec7facb2b54b2a

SHA1
c38b3c3ab7169cc3fc26a9ff754fb7c8d6b9c1d5

SHA256
f425758597ca84332d2ae4bb571516a905924ca58b98570d6819d4327e57202e

SHA512
3a25b59b46931e178dda2728513cdd76243e4c5da7abad69d61d623fd1cffa47ef42ef4e643bc433d0e1b6cc2a9cac45f748eb5cf5b746f97bc6ed792527b0b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
fae831f7676ba036f2b638326588357b

SHA1
8e8bf4e3a974d8c2f892d3790c7e04c99d198bb5

SHA256
f4dc7964e2c38f3a9cd00c7ea13766ea8ce8b7e10836540a9eb2b0e54e6df2a0

SHA512
6941582a8ab4cd0c2072a898373f61b66330896534678f18d84036a5f5cc72c8a9689f9f896ca5a3d8e67293401e5cee32bdcfb72826510042a49138a684136d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
826944fc322e761dba7ee9c8e5e15d36

SHA1
37411bc22b9d3e5eab8f0392794a87f9039525b0

SHA256
faaef8d6fa60010349a18542b2508c4aea8375feacd2533d3ba005647e591ad4

SHA512
76f8b2ae7a1dafe01e674dd32084f4be1a427bc8be54fc598a027a1f6b3816f46fe6dd4ed9b3a2af8b68be10909a45c4a2cc2d38bad99f952f5c874cb288bd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
35e152de08c8d7bd6885a9b532a2b32e

SHA1
196ebc75a003467f4f10c78467ba19de471de5e7

SHA256
4aac9892a20de76435b0e39eead1a79ecf14e6a6e2ce8843234da088ea509a60

SHA512
d87dec35f2b21f3e243998dd31a00fd067708c9fa78af659c24c253e02b1f1b3131cb4363b0be51fd587902f6fc3aa693d14ec8f7fa459553179fe300f549902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
8615c6568d8b9f882923d2b49044fc60

SHA1
4b587b4f7a4218c01fa829d9027ba1dfb1a409e4

SHA256
b518bb6383a0ca5f7406ae1d7ef3060f97677c4ad544f4131becfb5591004b81

SHA512
13650905aa7cd569df658da0f20eab2cd221e24eeea299be9c10f5eac438a0f3375c495c168d10cb33e643b75d489d2bf660adae430ce7e04660e7202da742b7

Download Submit