8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24/04/2024, 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
Size

1.1MB
MD5

a32fe5094fc81168661355dd9dc790bd
SHA1

9eb9257318a3403a65480b8e7ac04a1f97653e5e
SHA256

8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be
SHA512

018dd6483b7e5a91148b42e0707d2f73f6d665c2a8ce22c1504dd7a1eadde98c274b7d2b81d74bf3887e535d38c0ab5f25122446232e9758320bdc9a2a8c3551
SSDEEP

24576:RqDEvCTbMWu7rQYlBQcBiT6rprG8auR2+b+HdiJUX:RTvC/MTQYxsWR7auR2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584532281085155"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718508534-2116753757-2794822388-1000\{454DF8DB-2B33-414A-B3CC-0FB52D1B6E65}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
4008	chrome.exe
4008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
3408	chrome.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 3408	4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe	80
PID 4560 wrote to memory of 3408	4560	8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe	80
PID 3408 wrote to memory of 3420	3408	chrome.exe	83
PID 3408 wrote to memory of 3420	3408	chrome.exe	83
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 2156	3408	chrome.exe	84
PID 3408 wrote to memory of 4120	3408	chrome.exe	85
PID 3408 wrote to memory of 4120	3408	chrome.exe	85
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86
PID 3408 wrote to memory of 4868	3408	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe
"C:\Users\Admin\AppData\Local\Temp\8ffa6f76c08f8076b1ccb9f90ab0110560c1aa61a60e6dfab72c16abbea5f4be.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fa2aab58,0x7ff8fa2aab68,0x7ff8fa2aab78
    3⤵
    PID:3420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:2
    3⤵
    PID:2156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:4120
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:4868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:1
    3⤵
    PID:4844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:1
    3⤵
    PID:4212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:1
    3⤵
    PID:3156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4244 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:1
    3⤵
    PID:4344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4444 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:736
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:2420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:2160
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:4204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:3112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:1848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:2032
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:8
    3⤵
    PID:3256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2704 --field-trial-handle=1844,i,8616278038790007042,6220291359929107201,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4008

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
75502e6bbc69bde435c9a27373d16e90

SHA1
401f2c9725c23516fd1eba253db236853247a4a0

SHA256
fdf75eeb8678a2b5c9f303dd0f6f8f5cbca9d4cc522f86745e2b0687ea482c71

SHA512
955e61b6db277213a660a614d0dbc5ebb7db5bfb8473108dd7c4b1c281fb201d847154adc637e0ffa165cc929b7fc7490920a94e33ebaf4f515f7a3852d3f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1c8e76be1d5dc5e74002792b63363132

SHA1
33956d9f7d2848a63bc447a1ad27b14a48b0f7a4

SHA256
d5d0a4370f98810a5ee1f66cc4957ba6ee57dc5ad9d5a75ccddaa7878cca8bf9

SHA512
46c5054233f8ccb8e922e3cb18345d1561d0657253d812909e72dd0cd81d1e270753081aa281bf47124e42268cf6fb342c8c0df0bc7710d9ced7df7d28195fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
37adf40ec9dbbd61a24355210fcdf9f7

SHA1
3951d87034343240b76bcdad71f2fc18d0e2010e

SHA256
f45d02f69fbae61012b585d6fba011eee8d774c6735955439ff02b62f30934cc

SHA512
196a8cbd4a082e0cb255de609a553b7cb54a529ec86a4374424e72e750028ed72bbad67798dd834a605eaa44751b8a17ea2985564c54935fc35b4357e08063a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4703e39b754a81a5aab9748bace2f107

SHA1
b1b503c58f56dbfe64ed56d8fda37187604ae699

SHA256
c644a7b1e7c854f9a6f1d3a2ba8a31c99582a857daaf06e7c7a7a014aa073ac0

SHA512
db3e29f3e7108da8b4ceca0a4ed5e3d72a4303c6d3f2364104e08c9830facc41ca510fa81d954a590398789fe2d7fd239bcaaa0cb99e597fe0ced75eaa6e15f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
6c94bf874217f06d14de61a98283bbba

SHA1
efaa07e7a28a84e7cf5122f5a0ce3b49645733b0

SHA256
e97750787bb88152310a2d69d650b6535098163c879fa15b289016a9aff38126

SHA512
9adbcdae9703d9086d9734ee1d783ee3a57d8aba17df980987b8fb4aa8339ba9baa33b795883f77d798818c073a48e1220b930e8c24b8bb7670b1f60d0354813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
77a43cc5ca6368f38678c137da8f3fb8

SHA1
9901fb97a4a3951fb37716e57ebe5d83b4b54ecd

SHA256
e795287078b35ec6d52c2d999c8b26e09640c345d33f30a1afadc71729bd4764

SHA512
1efb8a1c6939f65f9ccc726367e56a4074941aae8cb85ff9dd4738e1d5392acd73a8246f426a528d28fb0137d140dfd38c6020fe6dc2cdc557685831ff447830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
18634b37c0f08bc844d62a476753b26d

SHA1
929bb334cdb3bbe309d4b6fe4589f049c4a5cd2d

SHA256
63c3df7ae21ad72e7f0ccdca29852597b474df6a7d80a197b53e355022e9f206

SHA512
946ed8ef9807cd9ac08505b167f185547e67c3181cf8babcd11cb5dc27a985ddd526634f300ea9b01a717ad05f507733b57efd9ad534b41c74c77a1b01f9fc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
9b8141ef957c6f334200ef1473f19749

SHA1
64b5a81cfdcbbc47147251a36742b5ee7a92f1a9

SHA256
b107be8250b9e547a2dd24ba48e23f98f514b20a4fbedbd27993ca74cf864847

SHA512
f31f980609c3f2aad341dafc5b46facba8cec97de0b8a5fd57d23326396c3595dd6104eba26ca58227ad397c29f3ab99aa9aa12d6a9ee7e3219c895776f7b498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
3984a08605bfffbf8d99db3d603d44df

SHA1
4a750196534b5d5e7b68e18695f8ceb4ac145999

SHA256
2847486e0a98702d5b0ddfc63a2d6a897133137c794b2ef2b0a27ce167aedcda

SHA512
3668136172bfc081be0e7a6191b68e137fa8f9edf701004d7ee5996cbeb5a472d1bedd72e0996457eac25aa58c7b15e5482b5930c2e5edd215e29794472efcc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
e5f5b83bf619e64279f29cbb6c65b210

SHA1
4ddf3dedb10ea38eda5b1dac11de5e1f8de456bb

SHA256
412047bdd7f7b9eb35d785191b2869cd377d767d255ac69e821aebb8d515334a

SHA512
22cf7c870d9c2bcef272b375a362a3829555ae14613f7a88d6160ff1e92791dacd2ede1e49f7f0dfa250e206e6f3c7775b5170f8672d2847675b1bd93f65e854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
20002872ca373fb1071f4cc685e7c8f6

SHA1
b6c963254b6369d72ff70baf96657c1eaaeb6e3b

SHA256
80d9e10ceda520020d62d66256e5763d53c673a426535a01ed4c101fed5b62b4

SHA512
3812a12806c973a5aaf2f7cebc5e4c1729d8f035c729aa6781cf0ce7863c8ef3fca8de58be9b7b9cc36c21b4a0930cb9b9ae9dc0ca6e177245c39c5d46a13d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
69386bf91e53310607a7faa383f924f1

SHA1
a13290294a314bb572403ac71b61d5e24a6f3ac3

SHA256
719d656d51cb41f4cb129f27db83859bb7421e73e4bc17220bbc60bd24db2a24

SHA512
416f8b3d32b4f5666477763f87ce5f3868a0385aac08d28086fdac5f10db45a7528de7e7b72981888f3d161c0305e1539ca3f9de8e122e31dccd9d0dcfb07b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f4df.TMP

Filesize
86KB

MD5
2b379bfeb8746f3654289e44845024ce

SHA1
15123d9c95224bb8c7563e712c3dcd2c0c6540d9

SHA256
2453e6a413c558c2c62bfcb5ee9dd8abab4b8d30ddbdb1aac91b509490ae51b7

SHA512
65959f5953fbf9a1107825ef179232013be950c405ed3a38041703c15d79840932fd43eb3cbc8025242de4462b5bcd00d66b9b91d9d9e34fd2bb0e3d5b00853a

Download Submit