7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
Size

1.1MB
MD5

3c0e9766b3871534c9ce1cb3c1bd6411
SHA1

51c16a07072426188274a51ed54f9221451d3d07
SHA256

7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3
SHA512

43f315a302619547012defee1a136d9fe209fa4049fd6dc9ac88cfd4c8d721aa095062869c175219c4244dbf7d67854b15e5e0aab0c61aa2a2126f62c1f0bf98
SSDEEP

24576:vqDEvCTbMWu7rQYlBQcBiT6rprG8auX2+b+HdiJUX:vTvC/MTQYxsWR7auX2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585253492483810"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{AE014AF9-D85D-437D-A640-232B772006FA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
248	chrome.exe
248	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe
Token: SeShutdownPrivilege	248	chrome.exe
Token: SeCreatePagefilePrivilege	248	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
248	chrome.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
248	chrome.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 248	4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe	81
PID 4824 wrote to memory of 248	4824	7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe	81
PID 248 wrote to memory of 380	248	chrome.exe	84
PID 248 wrote to memory of 380	248	chrome.exe	84
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 3932	248	chrome.exe	85
PID 248 wrote to memory of 2076	248	chrome.exe	86
PID 248 wrote to memory of 2076	248	chrome.exe	86
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87
PID 248 wrote to memory of 3640	248	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe
"C:\Users\Admin\AppData\Local\Temp\7c813337ec7128442715e50e9206b28eeeeef151d1d9e2feb811813c44ff0cf3.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffcf72eab58,0x7ffcf72eab68,0x7ffcf72eab78
    3⤵
    PID:380
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:2
    3⤵
    PID:3932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    PID:2076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    PID:3640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:1
    3⤵
    PID:4148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4120 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:1
    3⤵
    PID:4664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3180 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:1
    3⤵
    PID:3824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3984 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    PID:4676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    PID:2560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    PID:2872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:8
    3⤵
    PID:4792
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1812,i,11311235191291136096,665638374884542549,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5016

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
8946936280bea8bb7c47efcdf6acd803

SHA1
7313ba84d8edc010223015e5dbe9793ebfbb8c22

SHA256
7c2f037142a2043107d85ed23015c7aaaa2120aae3009f3b679f99dfa6cde99c

SHA512
4854081fa8030fd8a5629eee2421d426a9d0608be33daad950e0d6d5190a87c89a51dda6a782c1a0bcfc4cbb0ae9ae9e633c3661e902ecfc8c4879baaa095b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
735b4f71dac51e1c775cf82cdd4d768f

SHA1
d7a10b6f565ac79bbfa003e367af0c8b989aba5f

SHA256
c9cb9f9282a2de8ce58ccbf945a225c3c922d57f975262c59aa73dd756190041

SHA512
6112eef80edb4448501ddd2efd84aad38219386a75cc3bc2723fce09db0b4984c5e0b71d67d1cf6c99c4aad777c466258a3b77b47c23ecba251995e7081b2595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8832beb7a7a28d1b61c1bc716c6c49af

SHA1
63ea961ecb08edd69c08e525fc79a281c77ae3d7

SHA256
2a7457595c15fc96eb90e2fe4b187a285058d1ac99f088a527d04845e3c740aa

SHA512
5e55f3aab85afa4adb273589a285509c9707f6d55f40584dbfb5a2169c32aeb2d0a25c21a4cda6043b07ed35e45deb2341d29c2d38fea0175793ed65d3189197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
55fcd6ca5fa8a4533b3fb249dd02808d

SHA1
0c05a5e8e3d2de3da8bd8d6da5bf9f24154eb339

SHA256
4a38f40d127705b8936d00f357eff350c64506cb7e503eaf06f245982e7e6ab9

SHA512
a6eb185dc628989e49318e085120225c54c03720aa67f0666110e9e7e3e66aecb140c25a1857c1b5a6409b97fb92fa249da5c9ecec2210667679a306a29b8b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a0384d9c5b0fe7f7c369d58dfd8e07b1

SHA1
8a4e75becf3c8da5a1bbc5925ce995dbb4bd5a42

SHA256
9eef5492539122c28d5fc60a8aa15778219c8aa9140bf808e96eea489dc05525

SHA512
f79c5f96a4823f4737e61afe49fe637a6b7b77a3bfc6ab9fe95d7efbf18e5de5a8e95e844b3211817531e27f95b3d53f7d56847ea9fb238b100f27c493ba0ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c138626786fa3cfea442005e283a6d0a

SHA1
53667d712ff8fbdfdaea2a9b8948742ba2588be6

SHA256
599ac46ac43e83a42f9879a006ba9f1ba722974954583243ace5b41236058eab

SHA512
fe736e4ac5bf41e9e4c1d06511cc51c602914801962b3879730a689803ba799acbee8add02e3ee318cc437b7c50e2f3f28c47df8aca76ff71d834bfa236c8e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c78a385b0baa9357b96e2c33b0cf71bd

SHA1
436165a4f8a10c48389928aa5a50870c4f8c4b2b

SHA256
387b2951bd6ab249e4931ebc0adbc315c0a6464a23ef19caf5d316fa5014c708

SHA512
658ae5d4ec4463ffb326192334d36ce560f8fab3a8d8916d640cebd5735eb0b288eeebef400f7043ff21ccc54fd373c495a251eb775634b1d8fbb97a83129f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
9a4ef858e02ec5ee54942288496efc2d

SHA1
6aba0eed34944f9aed3f2bdd79dc064bccdf6db3

SHA256
d03fa8d07c43b87d59ba86680128c20b0f106cfcbf2ed04f06da7b3e770ea0e5

SHA512
e3ae562a822c759534c8bde3bcf2a2b6ce94adb8a61c5f0f29e39a8948d05b45f515c80ad1947934ea168c29270c7175e522d0dcd29016690e63038137e88efb

Download Submit