2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
Size

1.1MB
MD5

c3fe82faf2bea9f2d2ef985b384133aa
SHA1

dc50aeb530bb9c34f23e2f37f73bb0a3c77b5ee9
SHA256

2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6
SHA512

6e6b337ed775d1820cd773663ac115b7b48ae01d856fd87732432035f8260e5b9c47f2e686ab6a8ca9dfe495177a8ff1b6dbc3585e6b4dce733155455323a988
SSDEEP

24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8auU2+b+HdiJUX:ETvC/MTQYxsWR7auU2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584942278520802"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{237B510B-D37B-4CDD-8322-8A962E60911B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe
Token: SeShutdownPrivilege	3144	chrome.exe
Token: SeCreatePagefilePrivilege	3144	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3144	chrome.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3144	chrome.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 3144	3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe	87
PID 3196 wrote to memory of 3144	3196	2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe	87
PID 3144 wrote to memory of 3844	3144	chrome.exe	89
PID 3144 wrote to memory of 3844	3144	chrome.exe	89
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 3460	3144	chrome.exe	92
PID 3144 wrote to memory of 976	3144	chrome.exe	93
PID 3144 wrote to memory of 976	3144	chrome.exe	93
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94
PID 3144 wrote to memory of 5112	3144	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe
"C:\Users\Admin\AppData\Local\Temp\2657dd9f7bde2b3b019797d948c811daee6a5e69c3ec2c723549278ce8369fe6.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2b06ab58,0x7ffe2b06ab68,0x7ffe2b06ab78
    3⤵
    PID:3844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:2
    3⤵
    PID:3460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:5112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:1
    3⤵
    PID:4768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:1
    3⤵
    PID:5040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3288 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:1
    3⤵
    PID:940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4600 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:1740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:1932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:2448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:3508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:5616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:5624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:8
    3⤵
    PID:5720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 --field-trial-handle=1936,i,10635933474704507245,17276265884100732648,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3808

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1642e25273181175fd15cd61b8e815f8

SHA1
5a812e9c653095e17c42dcd10720a16df48ce317

SHA256
c4be85a6b496505e98575c51bc634c127145994ca33b4cd0861ac5da08c3cb72

SHA512
621eb245debc1a1b4508463029bd7d44a81d0005ed023d51da215de6bcd3c74232ed55e20442729e9f54e1a30018995bbd85681c4884f4150f5492f6d491ab35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
08098786fbb310b734e73db4291c1932

SHA1
3d7e129d91fc3197746c099d6a6dcd67598c1132

SHA256
651b899dcc394ad665f3e717122b772389f9dd16c0e7bb59d75305e4ae141e2e

SHA512
fbaae7250f283ed58040a4c7aea11e9ef78e8ad0f185340d6612c68a1776cbe8898f2996d58ac0c2e3c9774cdb38ee58ce94d2d6a2ca7bdd9de99b62c842fe66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e68e3bd76a20919fa78bf446b8906ea

SHA1
ab811787a600ae730625799156d513c80be8106d

SHA256
dbb213739d4539ff587fb1c0bc7d66dad4d9d31d6286a012a502089018f2ac0d

SHA512
585548c9ac015f4dc5d650776324c51947890bea0a5ed0214ff5e61a53bd85abee4c79d9e41bd2cc0f19e531183fdf91234ce8867749dfa9f202f9438bbd3b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
1083b593883f622c1e71efb7e0552d26

SHA1
dfdf4adfea5f1ff4b8949e1bd0887790ecc2e72f

SHA256
33e1c8ba6266ddb7fea028addfae27a79b6260a7ce9d07275125d0186913f85b

SHA512
64c3e7e2e92464f62d7995a0a20c094d55b90b417a3ad2a590f4a20583f334fb3f9ed013c1209d64926e28ac50791648c609bc3ad6126840b9bd56dbf3ece6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ed70152ea8bbf4c19d753408795181cc

SHA1
2284b4efbd7593c4b20988ea5c075b814f39f188

SHA256
8e098f203ea84c64e646d5126c29d6fd86289670b5a02ef7c66ab036e3e1a2e6

SHA512
f61eeffc037a0362972e40285821e73e3314034eba3c963c5853763b6cee0a56c8787aea2bdf682c7326b709edc9236a3a22020d67a6dfa592569ea785700c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
26d9c12fb90df686cba90b61d12f57e0

SHA1
00db09f9c2320569b333ca1fce1dae7f238d51b8

SHA256
9484ca6af8be3cb9c9aab3fb4ff99b71ffb5564e57a293f5a538b325e353ce29

SHA512
00069e41725f8061fb2be426fe8c66d362632fc74293caa0a469ef7f9d90e992a71318c0bbcd06f8a7796bc89a1c11220f8ae71216643ad21250f111a78d45ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b0d9a4a451977a853dc04733142fc0ee

SHA1
29de89bd0a855ca9adfd14eb9540d1e15737b808

SHA256
ea32f1dffe6c278b84749957c718549b0330010bfd1a398380ff995b78d6e184

SHA512
21496f38312f1c17f9684ed1bc897383b3a5d4664ee4754846ee95337d56caf7efb5ecf3ceb3afc40d837d0ff9e20e8ee6aa00d3ea323bdc00bdf8eeabcdc0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3c037ce7e7d1ff111c7da889505e1fba

SHA1
280b56f0d8168d9cfc73f9bbdb81ff904af0de58

SHA256
88e7cac1bbebecda9a4727f6d25628545bd19ffc0489731e263fa7c126e5c0af

SHA512
a42ad282977c6328780fd57212193ce0b24a4b3c101caf464383f433524e3f26ffc3470c38796cf03bec19d88d40fcfbebbfeb86b2c81df27366ecff3d36909a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
fc0ef909d6a6a3045c8f1f66819922b2

SHA1
e6110e7dea42a3ff3fe6f47ccb402f8f7bcc8efd

SHA256
3ef76d6f3aca40203d6dc4d993347fbff9bbecb01401268b16a295450ce3cb55

SHA512
d50cc1aab1c3cc720877170d191caf5da064d6bcedaaa1136787653f4c83feed08e004adbd3f05fa6c22958ba8f6967696e2984d8b71c05e83adab2bcc65acfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
fb9b3b1bad1c92c0df816f4011a9fe12

SHA1
68a657b3df28cd40f4056db91b0a4e0e9417628b

SHA256
d9de1d82b2d0c12d6cfca2a769b9976acec470cab9255f08be493cbb653a15c1

SHA512
455cb73b4ce3b57b1ae1b9da06a13f4b09ed6f67a8b91843fff50e3b408c5b7859107ffc8a2609bb7b88e8bdd7ed39d5b91810c9bcf770bc501b8474122e2d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
e4960312e39fbb3cc8a269c5e243b5e3

SHA1
e98ddc52caf6737fbeb7f96908deb355f0cd821e

SHA256
7ea8080588d1dd78282582332ea343989f3bf57beb281466a398d9cce71ba9a8

SHA512
d0ad4b72284c8a7a2abc3a6f4dfc91b05900b41a1d4aa0500da880aeb12926859bd79f9bba883fa22dd69fe8fd2a45e7bac8aaa2a47c240233161fbca7b241a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
cd0c466240693f584b08e06909afdb02

SHA1
eeb924121c1314c1efbd2818e60544899236977a

SHA256
dc27084858a343fb53edb653f12fcb05869bfdb59f419325b56a20135fa27437

SHA512
f67b9639682fcd01f0884d9675d0ddcf49ac765cf8f87c939e55ca6392a4a56a50820b519fec6106f646607da88ad44c05be2e5f21aba46736ce92c50c2b4fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
2592a0269b097ce5e86c95be8d9a2014

SHA1
42fb727f302e994082704f69a866927c32b5b9fc

SHA256
fceed3004be57095a7f49f776e96b0de8b28d67bbeee09b7a5a9ce6a98e516a8

SHA512
9c31fa137f4509e6e1564335e9df4049f8ac6367cd61c1a9fdad440287935857aa3c2becee611453e0c69a15d82c052ecabdc62c5531be8f17a334d76b8a1a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581cab.TMP

Filesize
94KB

MD5
3f93c0dfb59e9851c7e603d56299286f

SHA1
d27cbab996ae8a91bd0cdf603883b8e8068fb232

SHA256
2163daf86a27c5b03be86b2d433b04146488b53c926f7737bfec346853464644

SHA512
9f79bccacf9374f6b483ea28f7a203fec2375beed64b46f56797225de9ff964c8761b6ea6f93d74b00759ca9f96f197878f316d920e5ef3c4ed77128d66a3335

Download Submit