8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66

Analysis

max time kernel
149s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
Size

1.1MB
MD5

d59dcd5bb7cc84f38693410450d5704a
SHA1

5bde842b5124849ddd2f4d8926dd5a97fe671256
SHA256

8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66
SHA512

27649ef8e4dfcf5a0063e333e657728c13095acdadd39f966d816c553fd21ac811166b0ccefe383b12b11c20d987ed3266091004c172568a42340660c4c21376
SSDEEP

24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8aus2+b+HdiJUX:BTvC/MTQYxsWR7aus2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583579606566364"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801765966-3955847401-2235691403-1000\{9B9C5259-5906-4E55-BB29-23F2E20D3850}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
544	chrome.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 544	1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe	80
PID 1432 wrote to memory of 544	1432	8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe	80
PID 544 wrote to memory of 2304	544	chrome.exe	83
PID 544 wrote to memory of 2304	544	chrome.exe	83
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 4120	544	chrome.exe	84
PID 544 wrote to memory of 3144	544	chrome.exe	85
PID 544 wrote to memory of 3144	544	chrome.exe	85
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86
PID 544 wrote to memory of 2864	544	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe
"C:\Users\Admin\AppData\Local\Temp\8c4cdbf20835b2c5ba20bf1bb2c9d772fbbdf414fc0ebe8593a6d44c81cceb66.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa9600ab58,0x7ffa9600ab68,0x7ffa9600ab78
    3⤵
    PID:2304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:2
    3⤵
    PID:4120
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    PID:3144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    PID:2864
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:1
    3⤵
    PID:4592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:1
    3⤵
    PID:364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3804 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:1
    3⤵
    PID:1672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3924 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:1
    3⤵
    PID:4400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4352 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    PID:1528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    PID:4468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    PID:3644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:8
    3⤵
    PID:2964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1848,i,2815062603014780931,804970001816991892,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
d89f71aaa01d1fd0413351f6a486b4d0

SHA1
c63a5ebf0d62e220a46e043a89829837e2dc113b

SHA256
0ae2fe57ece51d2a6555d0c9e252999a5cb6b571bd53f97bda0947aaac97f361

SHA512
5f933255058649dbbb5ad6718448d5465f80c293a6083ad20163bf6754bef39b156bfde42e4228a8bf3af44f646b2cdfd16eec874f0b659762556cdd3f4c35a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\662ae21e-2f5a-4d3d-8595-64a7397eaa47.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7e4b11f4a75f43c31f8ddc464ef4eeb9

SHA1
19eaab7fbd109365ab527fb0d8dd129d04c68e09

SHA256
4a2de6e997b022ee25b103a04f2db52d23745898e52ff437918e563971031a38

SHA512
e3357eea96a7b81ba52af9354231f4b8b62b439561a59eebc91c9f5cfc46da24c2c9f50b391cd85c18c9e6d29a0bcbe5c1443db1a5b8ff505ff4f3d8d1d21b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3d31de0343dd7703dc74107ccbe61cab

SHA1
4d2ff9464511f5b7b7843ef7198a5e459699d3e0

SHA256
aa556316ca248d51948538a7b0f847b1a41ec6f5e4bfd4774cceb83c568196a4

SHA512
388c6a1b7028f3426cb96df1a42297d92a16c1470f5a15153ef4608431adb6e2b82b06b758f7533ebfcfe210f7d6aec563a135f877761676e0613c8c5aedba66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e40bc68d9956f6600a48b9f6b3cb21a6

SHA1
e243a6d495a8bd6219b65369fd2b7a90121fe80d

SHA256
483e3de8c850a7782da8126c64eed3e8f2f5bf1dcdf23e9649b37887aef1cfa0

SHA512
4f46410e3cca7567a0b353609fe072d7cf5971c6909b7d7bb64237b66b731feb4534dd3d79d4d9bee34e504495427dffd6d22687958ca858a865d185f2fe4497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
13015fbcf22fdf2876693a14325fd9c7

SHA1
144c18256ce610c4c4bf6b30420207c1a842d760

SHA256
84aa78bcb5c3a4cc77d76138f65a2c7097ea8a0db5be9c383174731cf75232f5

SHA512
385f3087c9704a967f625aa4282589ff0e95e88e8392660d3d9b62f708f01093b04eb67aec60ea6689fb12816f1bd97814e7d4199fc63f992b5742d3435852cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
b691331325501a6bbea4943b2d87171c

SHA1
0fa2979ab44c6506ce013e28a9a2f047ad468330

SHA256
c6a4977722d053043071beede7ebca3b2220e6eb30309d728831bd9eea382455

SHA512
245e49f5fdc1036fcbb1b81fcc2476a017df8b8112d65fbb5eb2517113c62d9a08500293e17add8cce0c6de45fa5291da57d70b9b6a2ec80eb88787c16860fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
50cafe8fdd5a9f24bcfe12eb942dce5f

SHA1
a2240ff4f3613f4d19d6f3a74dafaf9a45574c76

SHA256
058d5b702c3a8aefe845b108ef2049f8bd5a6e61107d109f6b0d8f0c17ff6058

SHA512
32441cc78cd40e0385da61f307e03878af380de0bd290d2e8757ae8afdd4b1d55224c53097f8fc3f85004ac54db2e2bd43fdd6fee2868f6563916761eae1fc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
442bd23f5aa7e183237b69675383164a

SHA1
784fa7146056d041a238eee73bbafaecb6ace8b7

SHA256
18f741dca34285ed84c1e38c14722f50931de5dfd368e59124e7a32776cce3af

SHA512
ea4b4f542a8b242b9e5ddd3f542abe6e83651dbb191d07a3e6d14516a6834ecf984361551796344e69151892a0e7e6ecc79128d6d724344f24e88b6772906e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
00ee88c8e4daaee1fe9fc9ea24476f74

SHA1
6316a080284a5376c3bc4741c1a27b45e0c63a07

SHA256
10b4c7795232b1597365e6031025593617ba2bba680ac91d2039cd4dec4161d6

SHA512
8e288a35c58223589a4a300e0f677ee2809e34c01783441dd805cdecea6a554bc6b14d4641e5f2a16bac1c4e422428bc4472d650b509e8fc3cfd505622730e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
8327247492d5238112a7b5ba82d0a7e0

SHA1
e181d8d122907fc39142273d8c93868db571801a

SHA256
33280b6334ab826928349eec7851106351c227e6e1e89a6516a128b4b834e0df

SHA512
28e554e4827ea758534693892d130d3a4ec837a8528375d35115f9b19746ed8533a78b7a74521e975bcb01a1933bb2fb045b2c549543d488322794e3dcece44b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
faef934d3ed21869034b79d58d601b21

SHA1
0e779c40eacb791b963a6208bd8e833174dbc0e1

SHA256
36eb3ab3150f2743b0275ff05b06c21ab3de778de3d566d59b8450eb38ccdd53

SHA512
5188bc735f3db9020bb9aa787f41f4aee911dd8e9df5be9e3c9509571cb96589f10c77352b6960dcf315cd5ed07bfb95e96d59dda3c436ba284b51a5a0c1f74b

Download Submit