b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
Size

1.1MB
MD5

4f6806e3625ed1d498a008922988d2ee
SHA1

f183965b4ab2910af08d3e68992d1895ec232d41
SHA256

b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e
SHA512

2d6b869c09f2078a7e49aaec77c2a4edfca710527235764f7d3e5dbc9ea14a9f0f0c4cdd9055a5f2d143fa28bd37a17b9872a8dcfe1b2721968b8872db0c46af
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8auR2+b+HdiJUX:4TvC/MTQYxsWR7auR2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592142126399295"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2256	chrome.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2256	4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe	82
PID 4960 wrote to memory of 2256	4960	b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe	82
PID 2256 wrote to memory of 3484	2256	chrome.exe	85
PID 2256 wrote to memory of 3484	2256	chrome.exe	85
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 4708	2256	chrome.exe	86
PID 2256 wrote to memory of 3940	2256	chrome.exe	87
PID 2256 wrote to memory of 3940	2256	chrome.exe	87
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88
PID 2256 wrote to memory of 4336	2256	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe
"C:\Users\Admin\AppData\Local\Temp\b68bfbbc434ab88f50fe0fa3bccf1ea1b6bbc7a0da63410b384d99d22cc8d04e.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95ee1ab58,0x7ff95ee1ab68,0x7ff95ee1ab78
    3⤵
    PID:3484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:2
    3⤵
    PID:4708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:8
    3⤵
    PID:3940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:8
    3⤵
    PID:4336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:1
    3⤵
    PID:2880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:1
    3⤵
    PID:2184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:1
    3⤵
    PID:1832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:8
    3⤵
    PID:1828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:8
    3⤵
    PID:3092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:8
    3⤵
    PID:4084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=2016,i,14119351987671416370,11581405875396873763,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1320

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a746a03c48506f31bd3877fc0f7c3f37

SHA1
c392302eba0caa0b1a7e9f24af41354dfeaf08b4

SHA256
8971729520ad7c6231f03815e3e999386409a417624fe8c539a4ef1d61e4a308

SHA512
2217c9534740fe058c858649826e3b75a908fd0980de125a3ac42a0d9e6b874a3b3c9377597cc6ee407e7f6cc98e291669c1e01ecd77b151b19ebb1df361c6b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1d708a40a3e6e04a7c816728a3e904b5

SHA1
ff2c810b87301f1851dd3bf8d42ce5f6f0cfb5ac

SHA256
0280a655fb6a37e65ac8a5d876d40ec2af5667d29982a0dc977d83d99ebc6eb3

SHA512
7333f52ee142bed490fd4dc2c510992453ad745af787b51b969a9b3783fa7347d71ee90ebde5e6d688f49ad7c67a9824a3cf4d8b4e4b0b3762d4ec4e0a9cccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ea337645de99ccde30ed6a05692aca33

SHA1
d1ca75ed04113e13fd17cc6d3bcc5b18f734e9d8

SHA256
e56b4d76329b4a7036abd19b42e06a9d4a1814680e28be90122592d2640bff36

SHA512
f0046e543da316f50d45348030b996aeda2cf6f0e3debeda669da4a66c7e37f9dc908670a9dd34324557c5ee9d163982524dbaee4f5bd5668168f0a907a64bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
eff79abba39cd4ae0f4cce073469fc8d

SHA1
c58e85efb02ef1431ca31dcb0cdaf7b544558480

SHA256
615050cb2803dc1daa06e662ad3851189a832d33dbf31b43186e5f03c9db4c50

SHA512
4ab58eba0446e91531ab2112b67e98d023590588cae91e299349e3d78e7e6533cfc120a4a15a6ec4ea81351c6135e9c260224d59efc9910d7d60e2e687c5f919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a7b7796f09b400d8369bf39ba127cec9

SHA1
4704ccc27b875064eb2f35c03d1bb7927280e441

SHA256
5a828403dda8ca804fcd995845124281ab04fa830b95a1c75cbe09913851075e

SHA512
28d14f00a176423719dc771212c6575d09e872ef95ca1488e0b1f0a8d74b97e1f99c649dd165b54a6fe9bf5c0339fc554de60ead06db4f0b7fe101de95a1ca80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
084c1a752175f67aec529d34772ca7de

SHA1
065c1a2bca0636bda6e0b4f3e1c20b2ed78c81d2

SHA256
59d38914ba1601b2ab4474db2c68a5cd917dbfd4af19782a7166e22f96e158a2

SHA512
50b92e97738d7fde6ded36885e7defdea8f5b4942af0b84970e981a2a400cc2a85d993d0bfe87de33cd2fd70e81ddfbd8b014c4b2dd8a15ea628d39f3a2b7ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
1cd849590624c20cd188f8fa6d31bc19

SHA1
bbf0bc4a10ee5ec1c288580883bc900fa9ba9735

SHA256
b701dfd484b3e5dd516b316f64cb9a8c58169f7dfc43c08eee2c838db3ef3c7a

SHA512
7eee0dc404bfc9cccb269984e3c8027d0ca5f7fed6822825fb25061f7bfd3b9dcedb45d431d0cc4df4a9270454ddc1ed11d9ce16bb074cd18f6eeac86470de23

Download Submit