06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 12:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
Size

1.1MB
MD5

a66dfa5cbc2e803833fc6b76f87ef120
SHA1

619d4f74ff6044631ddc548fc8b35fb1cf70ee2d
SHA256

06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579
SHA512

2e5dce3221484bd1a4e724598bee84baf7364b833dfcdc342ea33295de21b940c14c51530a18bbdd00b4d096df93f7b11c52eaaab1938848fd29091be495a95e
SSDEEP

24576:SqDEvCTbMWu7rQYlBQcBiT6rprG8auL2+b+HdiJUX:STvC/MTQYxsWR7auL2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584351801984237"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1132431369-515282257-1998160155-1000\{62B9B324-123C-402F-9208-663668225F00}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
684	chrome.exe
684	chrome.exe
4784	chrome.exe
4784	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeCreatePagefilePrivilege	684	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
684	chrome.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 684	212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe	86
PID 212 wrote to memory of 684	212	06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe	86
PID 684 wrote to memory of 4968	684	chrome.exe	89
PID 684 wrote to memory of 4968	684	chrome.exe	89
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 2428	684	chrome.exe	91
PID 684 wrote to memory of 4824	684	chrome.exe	92
PID 684 wrote to memory of 4824	684	chrome.exe	92
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93
PID 684 wrote to memory of 4296	684	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe
"C:\Users\Admin\AppData\Local\Temp\06473e4d0eb54d7c628bcb4ed7dd3729034c83e584d0ccd33824c0e7d7d22579.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdca5cab58,0x7ffdca5cab68,0x7ffdca5cab78
    3⤵
    PID:4968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:2
    3⤵
    PID:2428
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    PID:4824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    PID:4296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:1
    3⤵
    PID:784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:1
    3⤵
    PID:2620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:1
    3⤵
    PID:3368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3912 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    PID:1600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    PID:3056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    PID:5124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:8
    3⤵
    PID:5168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5180 --field-trial-handle=1916,i,4989248534027810091,5696495522582335240,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4784

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
69c420524d76e0b4ae5170d54e2ae484

SHA1
cac38e9ac0cb3686d7d5dd9ae9bc28dac9cbeeb2

SHA256
5b628283aca9c8f9bce4580560d37d13c14a9cd333b3afb64acadef83da970d4

SHA512
a23d037ef59f2c08e54699272894403a37c4648952ebb316a6016182f006d12e832e1ef1216a6a8d2fd110e3ab0c42c8db273571feb5db6e3193fd115ba23c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b8ca88544bdb8fa63c7ec27892ddadf6

SHA1
c47e936d28ef9814c31648db5bdae0aa31282903

SHA256
34ab7c3ae29bb483c5dfb8185f0ca76b6a67078d38202bbc1331569ffb295a2a

SHA512
5f09dd1e52e8f3b9b2a2c2ba0a3c4e486532099b7622e037cc7673e98d29ad02e555d92b88f90d91db711a08afdc88bbcc57ca0e9dbb3b85a042277b1113c877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d4166ad1597cbbeab2904abe25ad8210

SHA1
169113cf07719d13cecb503c3a3f4d58d0c21bd8

SHA256
976badb4e00c0f050968d8deb3825416eab7119981414b3ba4097ab9730ee8ee

SHA512
ada43409fed58f4d900ba0238378fbcb2ce972e931979a58968afe264ed7fef987d2380cd9a890912108482d648762d750d2884400068bb0e7d3d1bec3d3539e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
61d25dd9303db41d0954cdce93586515

SHA1
3fd3861faed29fa73d7bd1be7959b3bd4338adc8

SHA256
5ce2ec1611c32f3a36907c3c7552ec2dee59c13693d4432ea3e1381c384d3676

SHA512
66cac8b029527dbad2a6747e5d9c669cd9538b1f716c273b681a8ad5e7facecbffd1fc925c41f058695dd926e52c3e194ed9c2bb3834043e20d437c2cb6c07f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
03b6da97a4483d64db1f2f1dafb40d2c

SHA1
a50e921508b146dce683ef270b7400c9745a9f92

SHA256
412b11ab676ccb7b9fba54902a0c70c7bbf53048c79a33acec73ff92c76dc78b

SHA512
bdbbdea1d92c32669b97b6ec589c0049d93488ea183d8b57877016e392a252a75038183aa87e040a9ffd85cf0df81276330c34f8c2058fb1420ace8a9ed0c3fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
b106acc1c1a7bab311094c9f37c7fe54

SHA1
b58e11d9c497890d9db36318a071643bcc96268a

SHA256
3d2d3d60b1c5b3ccbe8c805a8d7f5cb85f6a2af90f5e16ce3f4027f5177e16ae

SHA512
3ee3dbb6a5545480f8753cdd00944715a054050719ea33c24526d9bc15abe79185a01e1d9acb0cf9a341044731533f03b7dbfd3a37955aa604e0a853cf05ae83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8a834d707a2784e2a28b862539b8f287

SHA1
6770fd848e16905aee1523f081594f9afe8d15a3

SHA256
96993eed5374f0a76887cce1157b344fe6308f1fa5d2b401920814dbec366ef3

SHA512
d5c2d51e46c366a9acac3aef8b09fded6df4257998a87db954caebd576aa7fa7fc04dd64298b4aafe5050bf83a372ae2a84093e848880da8fefa3c4728f310db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2e74c8b6100d2bc9dda0c12f60433474

SHA1
c7e93b7d423a9a1f65177d7387af2fc5fc5563d4

SHA256
1d68029623f17fcd1e0627060bd3e812fa25c003a6b856e1c2b79147927655e1

SHA512
1b8adf5287ebe073d07c9c0f60ff0dd56548f82ef17bc1f62fd7ea5fad2a27bb17f133b762fcc447b2242a5a6852ef0b7b67fb7304b62034145e0a19819b186e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
87a75b7958e11f9cbd4b5bd8a6fb46d6

SHA1
14ae7b2d86a8ed651fdee7ef6f669f87236486b6

SHA256
25919ef12feac7c528e2473f2f9e778c0ae082ebd6e9cf3dfb4895bb3987cac5

SHA512
a19d8b895710b2b5d5b7ec3827a12ae5e879b72cb0b95dc0468426d52ab66c404d4a0325655b5124304fafe81930625e211e287fd4e8eedaf3e6929f2e59b597

Download Submit