5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
Size

1.1MB
MD5

3143cd8f56bf599b3cfddaf9152d445d
SHA1

33b83cd5d719be2acd908834ce7336d805b35c6a
SHA256

5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2
SHA512

7f2066faa7f687aa984d26837106f6fd09028cc37877906ba1a9a5bb6ea4adc7ad791fee77bac1abcb97916c08eab347c0804f3d8ed3b338fef1b933a1759fdd
SSDEEP

24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8auh2+b+HdiJUX:oTvC/MTQYxsWR7auh2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585125199826229"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{13B4AF7F-2469-472E-AFA2-245219757D74}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

5076 chrome.exe
5076 chrome.exe
1216 chrome.exe
1216 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

5076 chrome.exe
5076 chrome.exe
5076 chrome.exe
5076 chrome.exe

pid	process
5076	chrome.exe
5076	chrome.exe
1216	chrome.exe
1216	chrome.exe

pid	process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

Processes:

5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exechrome.exe

pid	process
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
5076	chrome.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exechrome.exe

pid	process
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exechrome.exe

description	pid	process	target process
PID 864 wrote to memory of 5076	864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe	chrome.exe
PID 864 wrote to memory of 5076	864	5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe	chrome.exe
PID 5076 wrote to memory of 2104	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 2104	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 1488	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 5080	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 5080	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe
PID 5076 wrote to memory of 240	5076	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe
"C:\Users\Admin\AppData\Local\Temp\5f4a7d44b849b744b38f11fbb131743324c84705ec16ae7a1f0789f4f35e49c2.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab721ab58,0x7ffab721ab68,0x7ffab721ab78
3⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:2
3⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
PID:240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:1
3⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:1
3⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:1
3⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3940 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:1
3⤵
PID:1376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4384 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
- Modifies registry class
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:8
3⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1928,i,1509834118951761911,5948346529276682783,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2092

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
d9b9c0fb31ea483f5bbae1ebfb2a9604

SHA1
cb1a904a2f17d99b423d536e86833ff18809b04b

SHA256
83972b7f78f396e73e64a67693102650c862ecf6a4aa4894314b1b1fbe0a0d96

SHA512
78d73289503b2ea1d215049eefb5917e04227eeaf1508d7c974aeefdb544643dd761e5865716a74c2c5543e9920ac3896e81aeee148aaa72cc8e3bd011afbf1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b03e3f6fc140be44008232fc2483388b

SHA1
6575ba80e0dbc9fdabc59381f2f1bd2e0d454306

SHA256
06306867e1cadd69c2789b05bbf6731966fd080383b6bd609f49ff8463c69a61

SHA512
55e8fe23e1a47920c9183325a9ac44df9ca680b0158c83ed0765beca3717ca3a987c3841938fb21056623e25dca2073811c4e1777d09f3680a868595dbbf1ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
4093551d5677b64d64940a3d91e3b7d1

SHA1
42754491fc3ac2746d4d614867e38de6a586b169

SHA256
0accff43412e5085bd2105244cb3b0f5976a5911f88214f403a0059a699b9a34

SHA512
94e6a0317ce6262ce18a4db2fa760112144da4e7a46222c3d3de862d7c4601fdabe2c4224d42ef9dc8fb8011f989f45733741cd8d3408614ed4a25356206aec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
414846245c980ef9d0bc08ca309ddd72

SHA1
6996a1b97bc4a16cbdb98921f12e83cdff6c25c6

SHA256
3e300b820c7a6bfa2ccee777b73f6358b3b01197aa9aa5746d240302e41ede54

SHA512
27c8b53c995edfe41666893ed4dadd5912fe68143a695c26808a103c3bc53592e5632c54d560d82c016bed9b83e2ff05303cee1473a874c5395d1319ef19d565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
ad6d1d920145a18485dc812a6d038087

SHA1
26cd311612387c3783479a26b1204f9b89ba780d

SHA256
acb302b710e9355899b44c92b38b14dc7ce9a749fd49c2adcd1271b5665ebb6c

SHA512
3e9414c1fe32a540625aac0f49fe1b1f78efe40d492a850b1ba6d9187942d3e1e49b1c7b23ad5df1b90800de04f9faf791485ee621f330c9be8965f98b486449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1e0da040ac6f69e9827cc657a38b1edd

SHA1
6fcc46e9ddda129fd0a1eccf8334d015f26ab61c

SHA256
968f6ad02235891c0fa74ab4697e487b187131160f5169eaa05da95df84063a7

SHA512
6bd32760f01d7bf5ba9fbfab659c17604eba7cb6a562abda4e77850b6566ed1670c21a304d29e8b3fd553f4384f344a263abf6338d3589a0af591b446d2a458e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
fe4a8533a7c7156eae537337d9006a30

SHA1
29a33c1570aad4a45ada8fd79ab13c4b470a1da4

SHA256
cdbf30ddc7c670ad47b7c737aaeac6a32fc400e49130d0b86a03d78d1e67d32c

SHA512
43d9d8ffd60681d68ddbeccf103b6b24018f7577be4d8d0fd66679323a572b1d0dbc8e0fef448d8f13b4b53ca3ec2bee5b1a58e1dccae9744d0136252c37b0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
628ccedfb1b3a8e8375bf6b049da6d54

SHA1
ec4eaca4946ab03170b7e858d6e204742b5e2b10

SHA256
90bc05cc9aa1392d08e3d73049684bbe3f2c437e3fe5c3440e64afc3d4039631

SHA512
5e7a60acb8cf3a53560a5a04cf53d833da1a59083bdabb7e7066ada36704670ebe7c00ee38720e16df56bc1f4620e8e700941ddab033f4fe2af2f66744c3e19b

Download Submit
\??\pipe\crashpad_5076_FIDWDVKCTZKDXNKW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit