c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
Size

1.1MB
MD5

06e9d66ce88592ba38ee7edba7bd681d
SHA1

d498efcc14ec363cc04d19db80ff3ac156454ada
SHA256

c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137
SHA512

ae6d3a7c85a2a1ffe05ec4be9a97cf9eea72a0ae8c1e5c5f4a7ea3a4ad91549699c0cd923950600ca2da4f6140b2cf03acdf5917cbedc69feedcba4276845929
SSDEEP

24576:6qDEvCTbMWu7rQYlBQcBiT6rprG8auj2+b+HdiJUX:6TvC/MTQYxsWR7auj2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\Control Panel\International\Geo\Nation	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586261111919807"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe
Token: SeShutdownPrivilege	3968	chrome.exe
Token: SeCreatePagefilePrivilege	3968	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
3968	chrome.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
3968	chrome.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 3968	220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe	86
PID 220 wrote to memory of 3968	220	c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe	86
PID 3968 wrote to memory of 2332	3968	chrome.exe	88
PID 3968 wrote to memory of 2332	3968	chrome.exe	88
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 3944	3968	chrome.exe	90
PID 3968 wrote to memory of 2284	3968	chrome.exe	91
PID 3968 wrote to memory of 2284	3968	chrome.exe	91
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92
PID 3968 wrote to memory of 1536	3968	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe
"C:\Users\Admin\AppData\Local\Temp\c657902ef42ea6a98882c95d877b81c3ae5ce49c322b6ce58f0ab31c4735a137.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe424bcc40,0x7ffe424bcc4c,0x7ffe424bcc58
    3⤵
    PID:2332
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1904 /prefetch:2
    3⤵
    PID:3944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2004 /prefetch:3
    3⤵
    PID:2284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2480 /prefetch:8
    3⤵
    PID:1536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    PID:2068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3188 /prefetch:1
    3⤵
    PID:4540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4588 /prefetch:8
    3⤵
    PID:3740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4664,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4900 /prefetch:1
    3⤵
    PID:2808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4992,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:2576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5032,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=832,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4756,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4752 /prefetch:8
    3⤵
    PID:3268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3448,i,12687301650035042428,3843893052420761121,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:2508

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cccf414c11deb4ffb928f147cffc7ea9

SHA1
c5562de80a85679a75f69a6f0fad6c5aa1d43bff

SHA256
d249e2f9f5d1272f5f3cf5bfe909a5c0491dbc8ae666be2c21e0f502a3fd2931

SHA512
8f46f396343034b986472cbfac8173590b4b7c0953fda7fa81448290644472fe8f1c6a0e1464cf68f15c243fae2a7702a9e5cd8e3c4e80141555add0d028ed4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0856ede236f3f5c6bc452097fc901062

SHA1
a97e06c0dbe3a86b038f7ee88519f5adc859d8d0

SHA256
657d569933ca26a6c393fad5fc65e10d01ee288d2ef9a52ed63b8861d3235436

SHA512
5fa8a45ccaff5f0044e812f770da21bcfc0d0a21664684218613c47ceb635b957cabe74e79eaabb00ccd03f39d52b3b622d55de2b01f1e430dcc964ed7940816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68963a637b72928711342f1e212b58cc

SHA1
ad26d7d4b2a1d519dc8dfdf2fa82525aa52e628b

SHA256
8645549cc4ef086b8aeabd79c2e597c9537da7fdd28355b7a354c72ae2d3462b

SHA512
155cb36e1c8fb6776f4d61f170f33d6dccc830e32f519462378c65e6a804b7b8e6a46493ddef0b744cb66f6bc2fd36fb4b6d511fdd82d658502c4000cbcd74ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
00552955fab350973feab408f366fa02

SHA1
64d4b35261eabf36ebb29f3a5da8e40ab5e5c525

SHA256
201a0e2fbe5d64d3a7b778a81767de255fb6bbb0c946bb048cf061de2367d0e4

SHA512
082fe471a609628bfa805cd579d7af228d282d65901bf09c39258b23cc7c9a260f0cc127c5ade1cf984942386e58218f98eb08b5b288b39d0f18b398b19bfcde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce0e6cad685ece8f119f15e9757c4690

SHA1
d41055b3899f6e2e11942d3e698da21af37d14dc

SHA256
eb12050b452b96eb57895d504e58ea7c8f8ca5dbbc11d99670351f44dce32530

SHA512
af52919730e1fe8fd7518a7cade77b6fb02c9a1b1b1048f4c24d733cd06ce747a7b7d272d7f8167637b6b6859717db886c6249d8355e8bc734eab2c200d9a75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32eba95e20af2029216b49982f123659

SHA1
8f64e33efc181b5bbf46910cd5fcfec98f38e6b5

SHA256
6898fd653315ea4337fa5f8ab73e7039788b5e5c7b8bf0b53e6424b1f7f30479

SHA512
dc56546def5681744aa6393c137f4fbeca7451bf260d92a3b30295900953b701083f2fa328cc3c389e50fa3bcbd8f8b4f4e23c8d1a02c6d19c066aa363dd1a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16c4e26dffa1c8e15f20b655caa1a3f5

SHA1
dcbe1723ac95c1bd84b0902ed04cb7db203d3457

SHA256
5df2f82607d092b74a59092545b479299289e6fd4ed7326012ca7d7e87d89977

SHA512
9e34db486a97711e14a351748b6b2077e85f6dfc81d5536f305194f3c2560bbf590fee4f128fed111ca45345d46ac22d57a8bdb4d54a704e2da5c9169e6742f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9a2481fb218f432385b756ef8fcd9df0

SHA1
ccd3d21150b71ef1186701c7c192e315531c3a1d

SHA256
7ed02b5dea0d0f32d3dcc501a1e390019f22f40b14c5216b85072b1c1ebef92a

SHA512
8fe82463906f1af8dc518260285825b199122af4bce551bce88facc388b2ee186792d41182a649a93e7a704776aca78e015756cab30ef066d72907c45791b748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10f36a6e4aa26b6e12c8777a35a0847a

SHA1
b76402890eb3ee42cd0912f2b0ebe7ea068d85e8

SHA256
ed505085dc5a2274a863be81b6c23f6e51784ed4231c293e49b8099622190804

SHA512
331742e80758a39b0af82a8309b7f092569b8dffc1dc4d91dbcae49b2e7beaa1c22d23023713729ce3fa2d65634b425503af7f3fcca4fcba4e5dcd821e15447a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
22b13a07f6a5dbcb2705a7b83757df01

SHA1
f6810453cb3262c19b6aed7f46f8162984a04138

SHA256
e17f9793f0769af5156696f41193106aab634233083e387ddb3d3acc9e84cc99

SHA512
6a2df5a9dce4ea85296adee638fb96d5de577ca896f28efadf8c402534765442ed7abf8492ebae08e0f1dad8c9b69f71ded48adae35c0399884e42b35c052f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
965d1160f3f91e86193be07096258955

SHA1
5782e702403934ccae86b53e9b38e7d2d463cf6a

SHA256
a76bff6d74a2ac4a187b31224638309b184ccf6cd5b9fa228d9c13fbaf6f7714

SHA512
98c398f300aaf37abd2a694862a55ecc2b2e9cf53d966a4b74caeb97700459ac63312dbcd15716992a1a463ddfa30b6e207670c0124c50cdf2aa60e569eaa486

Download Submit