d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
Size

1.1MB
MD5

a661734007ae07c121ba825477b4c52e
SHA1

8012675c31250264317d7819ceb31a61181c0f20
SHA256

d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2
SHA512

e28be33541276a021d860097a570458fd1e3e0f5390438aba6fd8ca260a2680ef61161f279724a8d2cd1cbe4108d8ea1101ce11c6ce5e17541433b011571145d
SSDEEP

24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8auz2+b+HdiJUX:BTvC/MTQYxsWR7auz2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585396577005610"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-834482027-582050234-2368284635-1000\{3FB463AF-96BF-4385-9F4C-0363785D0651}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
2216	chrome.exe
2216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
3512	chrome.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 3512	5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe	79
PID 5092 wrote to memory of 3512	5092	d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe	79
PID 3512 wrote to memory of 1156	3512	chrome.exe	82
PID 3512 wrote to memory of 1156	3512	chrome.exe	82
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2348	3512	chrome.exe	84
PID 3512 wrote to memory of 2584	3512	chrome.exe	85
PID 3512 wrote to memory of 2584	3512	chrome.exe	85
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86
PID 3512 wrote to memory of 1172	3512	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe
"C:\Users\Admin\AppData\Local\Temp\d2d6f77c1139eb8288ae6a2bac970f7a15edaa7ad6daa7f17ff5462ca1ec0ba2.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x78,0x10c,0x7ffc6752ab58,0x7ffc6752ab68,0x7ffc6752ab78
    3⤵
    PID:1156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:2
    3⤵
    PID:2348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    PID:2584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    PID:1172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:1
    3⤵
    PID:1692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:1
    3⤵
    PID:3760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3964 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:1
    3⤵
    PID:3488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4396 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3292 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    PID:4576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    PID:3992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    PID:4288
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:8
    3⤵
    PID:2216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1704,i,11404783213884794023,11841396395902035130,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0b68c911-2acf-46a3-bcd3-5e6f1985d513.tmp

Filesize
7KB

MD5
6c4e9a76e0261bb5b1d125f49cc65dc7

SHA1
2750246913b702ed6b5e85928cec94fe46110941

SHA256
cfaee2790ac535443d91bb5d755734222668b9706a6de53f11efdb7c81bb9cd2

SHA512
aaa5c4dc66355289d55225a69ef9c0b7c5f775238070bb7cf6d50e1ce25300d1cfcf7508da02f3b79c2dc58b66b80f9b5395013d09dd7ed794dcd1eb9d646ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a18d74b9f617c542e2cb7f0350e6f3a9

SHA1
277764ad721c514c3244661de55481fb41479958

SHA256
8b7cab6cff89a7686f672b97244f23f3eb860f0511d206406700a309a0428319

SHA512
345c4d3f145510525f289cdbd3be6f6af3e6e7c671cd311b0dfea2b220c263c2cd9f203b767c1c3080b29e20be5fae33f0ca42983e31b3e9e3f8779f8d052eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
88575a922eca36c73e6437b5ab66779d

SHA1
ebd4aff78d246ebb33db6c9efcf2f875a05d13d4

SHA256
4d8d6ea5dad77689bd7ca012923585bd511f01a2b4d846b5a656da2cab6a3a7e

SHA512
94fd4d5e2017d58ccb78e26ad242c7e404cbcff97bbbf1299f089d65e42999086025a46f9bd986cbbed72db39c356acb9b1f5508d097b5c4528fc79980271580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
03ae79bd4e1d2fb3e9881f94579b791c

SHA1
dd79ae83342784d42222fbdf1d4e6b469cc0bf80

SHA256
8c96cecd29d6fe02b9b7b985cbd21664d8bc7498eb728562a2a726477fa4e0e6

SHA512
7635e4246f753ec278d906132b8029b7d51c5c14056fc5b8613e86ed7cdb77323e9d72ac3fdf702830dd8a1da9a66ef61b8bc52f34f996c450bf733a7dee34a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
33361fd05a2e123a91229dd8bb527ab3

SHA1
bfd383061e52b3c5514aa0bbf7c5a038082ff08d

SHA256
ab90649d8f20bd684ee7711e4415e4b4eadbe399af335d62988eb5220d27a812

SHA512
c42a79dd2ea4357330ca0beac5f780983fafcade91284b83cd742965b7d93a999282b6449554728d16731dcad76abacd4004f76a40d5006e5acd3f64d8c88475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
92a08b8131dad96ff4c69758a7c02034

SHA1
5280f284864e5170978246ef32aafe56300931bc

SHA256
234a4429e6179a6742006a8af5899b19fa8b00c99aee6a7a5c1082dbdeebc701

SHA512
31b4be25b479d04ebd0fc15b48a039da1aafb23366c0fc3a0a507521b2718aba47546fa30cd558e9e00a3348901fb1b2c70536bf33635bade29bb296153bd276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
57e12eeca8399dc30748131cafbe1b50

SHA1
7d1c1ccd7aaf12d4f56159736be439717f25224b

SHA256
e384699a99d83a5bb42e90d4871ce0d84ee71c3952a6b8aeb7d4aa32b333bdc6

SHA512
7249f9563fc54de3f1be1f336f5c6e5e527c238f798b106dc034d958f75be48e6a054cb276ab6a8a43cd35ed7a40ca9490b5aca67a281509642529bb00246ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a7260674-1115-4098-affc-683da797ab7a.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e6298ac65ebadafa27569ba396849643

SHA1
eb6c81a27baef7521c4b71551081b6353c9f73f4

SHA256
0d68702ec777effe1c3d5e576981cf2e918538a514b645c10bc6b4c53a8fd94a

SHA512
cb836e1c01c9df21d8a5c220302fa78c06abdee7f113b607112a2bb01f2687b80b363ae20168c33bc366ca2619d70ce1c5bd4049e05684277f7835027464f7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
6727286180637598f62242662de75300

SHA1
a508ea6d7bfe9cf5914bde31c154417ef56b5b4d

SHA256
d55c06dead90ee2587d6fe5539a55ef71fb9bc6899b0f54838fb4fc2035cc9e3

SHA512
4a071ecbc5f8a92e4305b7285e640076c42fecf48e2a400c8e928fb319d215390966ae8a9992df86c30bd1f74c6bdbfb9df7e864586e4b3f8070c4b9cf701b80

Download Submit