25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
Size

1.1MB
MD5

5fd417112bce07601f653e2a87b7e48b
SHA1

7082198f04e69a13a9e92a5732b4203fe623d7e3
SHA256

25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901
SHA512

404f07a27b7dfab4d75d5f2ebcc5cbfe1ee5a434c22f7f26b4ac6e31a72363b643b1370c0bd5769271f17a3d48647f9abfa0c84e6d943217e30c656e0ae25851
SSDEEP

24576:PqDEvCTbMWu7rQYlBQcBiT6rprG8au72+b+HdiJUX:PTvC/MTQYxsWR7au72+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585519925466768"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3777591257-2471171023-3629228286-1000\{60E1AE14-D412-4618-B186-52FFAF0B6C93}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1128	chrome.exe
1128	chrome.exe
2144	chrome.exe
2144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
1128	chrome.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 1128	3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe	78
PID 3860 wrote to memory of 1128	3860	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe	78
PID 1128 wrote to memory of 2796	1128	chrome.exe	81
PID 1128 wrote to memory of 2796	1128	chrome.exe	81
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 2400	1128	chrome.exe	82
PID 1128 wrote to memory of 3092	1128	chrome.exe	83
PID 1128 wrote to memory of 3092	1128	chrome.exe	83
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84
PID 1128 wrote to memory of 4688	1128	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
"C:\Users\Admin\AppData\Local\Temp\25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1128
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffaae93ab58,0x7ffaae93ab68,0x7ffaae93ab78
    3⤵
    PID:2796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:2
    3⤵
    PID:2400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    PID:3092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    PID:4688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:1
    3⤵
    PID:4360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:1
    3⤵
    PID:2136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3944 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:1
    3⤵
    PID:4012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4344 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:1
    3⤵
    PID:676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3280 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    PID:4976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    PID:4396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    PID:3592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:8
    3⤵
    PID:4740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 --field-trial-handle=1812,i,10450047373300279867,76871050762154569,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2144

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c40fa1ce6ef33c571d683b93e4160357

SHA1
14db8e312d1a6ea72299c309b8322abd1b2832e4

SHA256
160f08a1cbe0cf6ce4a2b380f263abc5addbde4b1e76c43a4691e16b5cb602f6

SHA512
927fefdbf2b527576eacd724676a0cf8db7c74edef0e6a48620565501b8739acd1120d38431651cde8d83a04e22afdc37f32777269816f4b3e3e94bb8cc9c280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
912f4798b2ed907ae75bbac500301646

SHA1
a1b42858d7f7a51be61731a53e75b3494cf14c3d

SHA256
b4f792643f12e6e6accedfe8d42883f814dae094b18bcb24bb4d3561d2e3e2c3

SHA512
7927186210eed09623d93edf4f3b2ff39dd9532f628aaaa0763cd889492b3feed6e041546b41970ffa31fae8fdb7f67d98146738716709fdf2cfd464e9fc3115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e4b466061b0e5e9305d384f9d2052bcb

SHA1
9010b9cd5f975b30462372cef97a4d6155c681b7

SHA256
a7a18fa7660f58a7938362ad93cc76c96ffdcca273934ddedc94b676571576be

SHA512
cdcab3d4b793c4909ad4cb74a9fbde01f96e050b0b9954336a92e334bf7ec184c3ec4fdf7941af31c45b8398833f0885c8cf2f77f68d6d87d7d3147e1980573c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d1e26ec6b4d8ae84fcc6e8ccc47de3b3

SHA1
00b499b856b896491f892325a779434f1ee6ba05

SHA256
75dbd15ee1ec26472510fdea1ae22602832594d03da9ab79e7f5eb99daf60cdc

SHA512
76213160139139639b3e3cb2c3b5d522e63488610628ab03f3df3669b744e03116ad3dbe48dc6a5896a22cf0e6eac4d5c58f9ab0d2bf3d9dbdfc0e43848a4d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e8eff6f3e1b1c5fc284009f4f81b0f1b

SHA1
973cffa277d34b287ed13afa9090d4513f08bd89

SHA256
0fe46516519ea77659c98c7544814c5ee09e26e768aeeb35911cdb35f3a0831b

SHA512
72a6fbf090f8aac9439f2944c9553d60744d54f8e71ba5285348a6bb7287ad2c6779a61062b9ca51946d6526aef290c1897d14a1dbd92e816676e08ef1c583d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c07ee5ec1bf2f765a7a3c2dcfb6b9636

SHA1
f3971acb10048500e57534a78aa1e50d3e02df09

SHA256
fcb09e7ac61ece29ce93ee4a311c8817ae2e0a7e5a439e8a27ed940538780001

SHA512
69e1c27a46c76ce87dd42143a327438adaeed332ca68867e280390a53d6f706989801ad6bab320fff2d79a5172bc079badbe58189ee762ec1155ddb73bdadb67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a8078eb6ee3b30bcfacaccfc2716b47c

SHA1
b4a7c9816e936fed944fef3aafa724a24ba59108

SHA256
9d502e67bfb85fd6abc35a589b24848c086cb504fcfcebe485951cf9d04f6517

SHA512
2aa0161234be19f1b95af9e313e96465559503005f7316edb98f7f727555288efb8fd5633c0f4a756b5a1ea652678c19689f0f49eb19bac126ac117de067d7d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
61935e4b1890534a95382a7378b0cbcd

SHA1
d41b8e28a79c448784d305aadafe208d176ddd77

SHA256
d3cee91225c3a9e26e37cff62da532984b61289630c51eff68a0b6e1cdf1fd7d

SHA512
dd003f6da1c4359306809907bed9367696cb7a6a82c0a0145fde501dff527555052d84a9f5829b903d3e720c8ca8ac09ce7008baf69439a55ea6841513d1072e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
5ab9f29a586c49f05ed2ee0c461e56d9

SHA1
cac9bd1dc9247d8587aa5011c935362ac4dc9045

SHA256
6ce1a7f1a27721f4bc9d2c3e05023f0433c1b760740e2b00126c1ac7bc4616e1

SHA512
113ebd991df0262d076aff4cce29e85e8399422547b408374e0f212ea4dee2610b02ceab7a5a82eef3b37721681e3efd8ca7b30c77eea0c67b3516586b4a8d13

Download Submit