38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
02/05/2024, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
Size

1.1MB
MD5

4d75175c65da3eac9799eae3ab58c0f4
SHA1

4a7279866adaf8e96236c51de4a3f405a378bec1
SHA256

38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959
SHA512

2e4520e35a8b047857a81501632b2e27a6cb24ff744a0a4c919b485989df9639638144a2e932ed3691fb461e61964889b270f3e9cc9461ee2e48713ec559d7d6
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8au22+b+HdiJUX:2TvC/MTQYxsWR7au22+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591011427038639"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe
Token: SeShutdownPrivilege	3912	chrome.exe
Token: SeCreatePagefilePrivilege	3912	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
3912	chrome.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
3912	chrome.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3912	4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe	78
PID 4836 wrote to memory of 3912	4836	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe	78
PID 3912 wrote to memory of 276	3912	chrome.exe	81
PID 3912 wrote to memory of 276	3912	chrome.exe	81
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 1648	3912	chrome.exe	82
PID 3912 wrote to memory of 920	3912	chrome.exe	83
PID 3912 wrote to memory of 920	3912	chrome.exe	83
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84
PID 3912 wrote to memory of 4212	3912	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
"C:\Users\Admin\AppData\Local\Temp\38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3912
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92ff1ab58,0x7ff92ff1ab68,0x7ff92ff1ab78
    3⤵
    PID:276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:2
    3⤵
    PID:1648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:8
    3⤵
    PID:920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:8
    3⤵
    PID:4212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:1
    3⤵
    PID:4756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:1
    3⤵
    PID:960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3808 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:8
    3⤵
    PID:1408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4376 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:8
    3⤵
    PID:3220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:8
    3⤵
    PID:952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 --field-trial-handle=1748,i,3405097936671498524,8239300946275921529,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3552

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9cc9166e0661dcfe2c599e652d7e81f6

SHA1
ec9ea0baeaeea6eaf9af73a75fa86214e5cb97ec

SHA256
cc6512e412099682e2ae4bed960466b55bd2ae2463251fb9ce99d4c1e80003e4

SHA512
01d7c565c0789bf605307bf12a4554b7e624d2b1cd1b35c8007f6f2f919bea7ee7320a89c0978e333e9c12b8cea48e6bd4b863112a03c7319abd7899e7fba3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
49aeaed0b3d6d7090cbcead02ae3c5bc

SHA1
6aea005b728df7571291cadbc0de1cc7fece70ce

SHA256
0d42a43588268af20551bd0861c66f238133ce2693d5fe95bb47d00512611338

SHA512
4763f3b11f672bab7e9b6a20a6156450cf52bc9de82b5958191783cb20d6ac8647a380040ac0d26e41d5731dd27b34b0d88015ca2820ce5369b11ad43c1138e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
252bd7228e1ed1e05b4e22a9209263ca

SHA1
597a638f270161f1f3b1bbf51fa7034dbe14a8a7

SHA256
3dceedd56d5df7ec68fb1507a99a6e449d3c485ca540df3d745959c2554e3f44

SHA512
a3c7168fe59a08bbab37c356fbd854e3294b6e5663535c6838b0d27d9073a057188d0c7f499ce64d8f4dba34b5d71acfefc667f330e14a77d814f6d1728931b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
fcacbb3dce566170e87f4f4cbe5f7d29

SHA1
7b43161057b0c578b485016aa40af21b5b61d00e

SHA256
cfb40e726a71bf52fe2f19cffe50d7cba32eecf3e245cb1f48ca0c7d5b718cf1

SHA512
b2a0b88ec9f9b002e72249ad6deaa4524b4d9fce6b6051703232e487f6433a8153761211d5c0bdb49352678ab730075832a3cd3345936df1eb31ef90c07a4ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
15dc44d4959d458b49330381bba4dd8b

SHA1
891b9d6b494139125d1d66603f2a8daabba495de

SHA256
7ca23596a9c768c3b607d8d4c288e465745119167b43a70f07e3e3b87af4e158

SHA512
7c6d7abeb62c9d2f604cf1a1754d9dbefd24829669ab912fca693bc2da6a886e55d8bbb42d171d2b7d56670620cc0a768af86e2430a54b6eb819963c9820ec6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
dcc79726e8952b16ad379ee92dd60689

SHA1
d26d3d8b931914bfaf3b31f9210ba94d113fbc25

SHA256
ec56387d4621529f1203786224a5d9493806899381fa6db0a753d42d57bf9de7

SHA512
68e3d228f3ac71990eb8cc97f86c8e2a4926fe065ea77e68d0a2bf1cc767fb924cdc73c982dd53ad2f4c8038626b19802ea370dbebf6877e6841eb5898525b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
6446a67c1514071e9807da7a8f058260

SHA1
7b987ec462124b9788f38aa18aba44ed0f15198f

SHA256
b657ee944e347f36b6094abd860c7c6415f3de6141f2ecbb6b6ddcc7fa7d1d15

SHA512
98925987e19a339c073268912b9df56e95c01cad979640f7d766e1f40804b6a0ff8e426ff07b628daa1835f96d19273846a339149eaef3aab3581332f0f27dcd

Download Submit