f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88

Analysis

max time kernel
299s
max time network
296s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/04/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
Size

1.1MB
MD5

1d0d1194b728e7f76f62aa1e09780fde
SHA1

3a7c0abfaed7785ddb57e2a4b7c0a67097ef511a
SHA256

f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88
SHA512

d88686711c5594e5e2314eaf27dbb3f7ec8a1e77d8cce8743149a2feb191d25f13ac480d3dc41bd6f89860d1fe7a2542874224b46ee42051d690862bef468568
SSDEEP

24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8auU2+b+HdiJUX:sTvC/MTQYxsWR7auU2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588676448732095"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
5092	chrome.exe
5092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe
Token: SeShutdownPrivilege	4716	chrome.exe
Token: SeCreatePagefilePrivilege	4716	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
4716	chrome.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
4716	chrome.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 4716	3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe	73
PID 3816 wrote to memory of 4716	3816	f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe	73
PID 4716 wrote to memory of 1996	4716	chrome.exe	75
PID 4716 wrote to memory of 1996	4716	chrome.exe	75
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4668	4716	chrome.exe	77
PID 4716 wrote to memory of 4320	4716	chrome.exe	78
PID 4716 wrote to memory of 4320	4716	chrome.exe	78
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79
PID 4716 wrote to memory of 4496	4716	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe
"C:\Users\Admin\AppData\Local\Temp\f43235fceaf25b4068f4a3598a99f695c12912625647b80ae88cb6311bc09c88.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff08cb9758,0x7fff08cb9768,0x7fff08cb9778
    3⤵
    PID:1996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:2
    3⤵
    PID:4668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:4320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:4496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:1
    3⤵
    PID:2936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:1
    3⤵
    PID:744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:1
    3⤵
    PID:2360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3600 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4640 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:1492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:2416
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:4596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:8
    3⤵
    PID:944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2492 --field-trial-handle=1596,i,5793201789060760436,2352213653410977754,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
cf73dd1be0e107a5fd6678dab144c4b2

SHA1
1dca9bcbceccfc006b92541b25460bd3e6b7054a

SHA256
9de367348b32e3b58cf7cf61a7c4ac6794e93f012b2c07a4e19df077950901c3

SHA512
ba0b7a702dfff2c55dc8908a2d7db0cdfe52d57b7b4f1bcd9ec9f685c99629a42d9826893b4f9dc81ba865599b4f114e0f782ddddc786e4c91d63bcae67d0242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9accbb47b95f1f89c9dfcbe058758822

SHA1
06aa65ab21b8380cff84109a0c9e98f9f0d85d28

SHA256
285988d44005612a6fa5f2a9049a63a75fd10953076859876c0bbc29d813df85

SHA512
fbc7ee99383987ff738770d3275019644ad3512e23c23cc3f65ed745a80cc2cd7760e97b8b8238db0c6229f1cdd610054b5592bf0b78cce37bab6d7a4fb57020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
877bee9f9fcfefc6778b759106e68213

SHA1
365b4edde16b8cbfa78cd0bdb3e2e6a56d527805

SHA256
47678aeef8122c9d53a8e963a55c559215d7b980d18eb8b3024e1e346cca15d5

SHA512
b41152847085d1471512568e68854fbad581829dea8ff55ed1861b00c18b12ee83cb3616f1ba5f19af6b33a40f1c84a08a78008d4536d1e4b54b4d415f7112cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6f7947d98ea9704e5acb1cf289a8567b

SHA1
c2718130e94233ed7c44cea4218fb94c2408e10f

SHA256
a0fc5d381b28788a1f2abb0a6cbb981a79ae05e03aa0636c031b961850e30e55

SHA512
8f448e95d80a054dfc0f1c71aa1515fd5a97465caf3aed6f9be5364e88a1ad1e8efe166fdf066691edcfd4c50073c2528223e3b262f630cd560f796d7dcc9bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
9eb5ed4a6fb6b7a8d8da9e946ad665d3

SHA1
07b0b8ba338f2d82a33fa909003fb97ff3034561

SHA256
8fb6e99d18a3cea8244d13da464e923327d46d4fb4b2f488ca66340a380ddba2

SHA512
1251d6874bc779d4c888dcdd3405333c9f68c478b52c8a05375cbb2a2854ccfb4d0eab47bb15ac9704dd1a4b82c7d6b92a28361676dbbed2c03570e88fa3eab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7711454efa32eefea184056a4c98171d

SHA1
065f549913be8ae298f0339c1cac315fbd39a867

SHA256
27ec2619ae140e90b8d2c54e3ebf255b0c4ae376e05f662ea034e90d4620695d

SHA512
245d129fe8648217d8429f8c8ebc5ec1e145e456c81a68e30945571cc8c622b7e53becf8ebd6513eee45dde8a2100aad0fe1bc08a691af8d02ed7e2194b5fc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ab730db4770521ff13d1ef16bb5d529

SHA1
2a67e4c9c95d7b2d04b031c88ce8ac9df4c9ebb2

SHA256
c456a33ed3c1c27ca95d08ae8de28ef80cbbf307218fad330213e2c871d4b282

SHA512
d57770f486458e683dd2a28091752ce4a16654024a7becba8503d2deab32ed4cd33c6f9c6df1e25a5e619b96401207326487416a5d5fa2faa394a0f9213c2e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ee8da358e6395b3f58e14d20402a5950

SHA1
f729aa86634f89f9ac7a6facc6a78cc2e88f5782

SHA256
8b7c27fe868b11b617357a5e2d909e1d65c9d74f1911e6182eb3e80590c4d4ac

SHA512
74f2eb8ebbd394a89409657016d6ea48684523f3a7871f6f547c606f615e04999d3434bf2df2f859c2a50cce3916fa2c335da8c756e4928045f06d12ded10313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
bb40001787e3489191476ba0cfb2b729

SHA1
5d7d635a9c1cf05f353c105a6369809171ad044d

SHA256
88be372103b4ef9f30f9975b92f3903f23f4c0e180961ab0ce98b09be7ba6a87

SHA512
be6911f901aed30ac7661a2d9025ec734dd5e063e79327735ee017b33869da7546a7d0248788aa2e653d6ff9912d3d79a08f6bd5d786cb89ecd7c6bfc46d456b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
c1c4ff3878fa530b1e333763eaa591e4

SHA1
631a4783e2d4a74ad1bcba1ac656a35546942b14

SHA256
1c1f839df06273959eac82f79e1f646d838fdb759ca129d5ff40a659aec546eb

SHA512
9ae390878e22815c572c3772ada371604c621069f23aa8f845e6283b559c1af502768367a115b9bc9efe927a0ededae61807bc0005ea4ba3b34caa06f18842c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit