8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
Size

1.1MB
MD5

a32fe5094fc81168661355dd9dc790bd
SHA1

9eb9257318a3403a65480b8e7ac04a1f97653e5e
SHA256

8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be
SHA512

018dd6483b7e5a91148b42e0707d2f73f6d665c2a8ce22c1504dd7a1eadde98c274b7d2b81d74bf3887e535d38c0ab5f25122446232e9758320bdc9a2a8c3551
SSDEEP

24576:RqDEvCTbMWu7rQYlBQcBiT6rprG8auR2+b+HdiJUX:RTvC/MTQYxsWR7auR2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584532231852018"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1132431369-515282257-1998160155-1000\{DD5C8885-1779-4358-B477-03C6AA9F8B3D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe
Token: SeShutdownPrivilege	2496	chrome.exe
Token: SeCreatePagefilePrivilege	2496	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
2496	chrome.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
2496	chrome.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 2496	372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe	88
PID 372 wrote to memory of 2496	372	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe	88
PID 2496 wrote to memory of 2316	2496	chrome.exe	91
PID 2496 wrote to memory of 2316	2496	chrome.exe	91
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1628	2496	chrome.exe	92
PID 2496 wrote to memory of 1496	2496	chrome.exe	93
PID 2496 wrote to memory of 1496	2496	chrome.exe	93
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94
PID 2496 wrote to memory of 3608	2496	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
"C:\Users\Admin\AppData\Local\Temp\8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdc44ab58,0x7fffdc44ab68,0x7fffdc44ab78
    3⤵
    PID:2316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:2
    3⤵
    PID:1628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    PID:1496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    PID:3608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:1
    3⤵
    PID:2880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:1
    3⤵
    PID:3456
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:1
    3⤵
    PID:4020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4520 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:1
    3⤵
    PID:4364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3020 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    PID:1548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:3240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    PID:3948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    PID:4836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:8
    3⤵
    PID:1940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 --field-trial-handle=1948,i,4693529822639924312,15574874131376214881,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4968

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e58222acd69343dafd6f1d486c9a5964

SHA1
dd154492dfd47c53594f7c21f03ebcab808f011e

SHA256
0a809bdbdf3311aa7e671824586bde31183dd031f071d0e769e0817e2cca1061

SHA512
415942d5dd34391e186130ab0b9f534c2103e1bdc6f76753e5381a6a5f0d60927f5d744350c4757ae37ccbc4814d943bcc769ef67a8eea10ec73406c34902e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7d614bc26886337236bf07640c7fe342

SHA1
2ed0d64e50ea0c90cd89087bd9e6b7fb769ff8c6

SHA256
9cf05f147f82ebf82d08ab5a46cbdd60a3267f244c44ffb3b781c62419678272

SHA512
b2fd1674fdeec7ac562c682efcf832663408f97f1d04ed40b8221eb6f0037b21818f377d074a6020e8530d83080d1701073d004e5d218e575cfdab35b6686ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ccb33e24d73ccc458bfb4983e307809d

SHA1
9d493a38f182b42b98da3b2a873b84ebddc36fa5

SHA256
28855f62da7bc8c47432b20a3eb95338b431c5bdfa3d26e90bc0559386574d68

SHA512
6c324ba1ad497d989f71de5cc27daa83adc8a194024e16abc86740c651080ce07f2c14c13d9a1356540984bb4b52b3584d421b494849708e9768cb45acd929a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
cf90ba11898b7cfe92a86cafb43a7f2f

SHA1
6507e4bebcb536b0b48961b80513d61666d279de

SHA256
8bdfd84c3619e5786877c677d4b1f4b7d5bb39564230c04a5fb89d5db8a83a37

SHA512
818390150cb20c00a5a33d3c8f4d133e97248b582fc6e0b3b36f76fa1cb97ae28077cc91804a8191e834b66b849233f51a887a161313235174c85f13588beebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
271ca988fbe1a6e8b474c21368159437

SHA1
a7c49a37eb2b8219533c005297608eb143d1ed7b

SHA256
f4be42110dd41a2e5019147d2965532d4c4a44b0047913ae66866dbaf4694ae7

SHA512
f36edbc69abc7226476f342e82777bee7598f5f876057edf8fa7ead87258cb5ada49cac024c109ccfa8456b78ba989d149affc23623979c8cf7f60271f104fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d89f45177d40b91a9ff52266b38a364d

SHA1
7223f43ea81b3a4ce7f6c99f78b9a4d9d87a762e

SHA256
66203cd2078f04a75e370f912a4d4db27d0c511d408384707f964caeb7153f70

SHA512
1bbf0e25e85542deed75d79fae9c745bdc24f573d602da0ef3aaa1ed7fe1ab5154bcb0b766e0284790b217a6515e5a40a3093a752b630e26b59ac9407eeb348f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e9a549535c8ab626c6c6e4142e32c959

SHA1
90cf99a43e8ee2dd69634f194e25c4e06012ce9e

SHA256
4775c5189c97f5cd9c6a8e885af96acc5b2c9d2332948bf7aa99469f49f142bd

SHA512
9fc75609ed04bcfccf8745dc4533b600efb4aaf0471a6a2e463a8bff02a3dcff08e688952d2d571ca2d79e3b9c84cb2c22597958309468532a8699ac3ed275b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
dc0e2e47f8ef245eacbc2a27ccca2d4a

SHA1
93638ada70cee7bccda0db478a932ec16c21698b

SHA256
dfaf4e2a64f232711320d2247163009f7dd70f7d9b88660d2f3d6ef79793494b

SHA512
00c50aa8d9283e3da2d138f7280f028f87d9ebc8ffb9e7f03a662ecf0c513a3f858bc44222e824a2563b7ca5c845737914030628a87993e0b03561d150871b12

Download Submit