47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea

Analysis

max time kernel
300s
max time network
302s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/05/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
Size

1.1MB
MD5

468466a78bb6d7c50083a60d9727fb3d
SHA1

fb3f19c535194e396a589830d6a84c792af337d2
SHA256

47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea
SHA512

109598d6e3ce7620b2944e65f33392e33d89cdb26c45d587b8a8cf8de41bb0f3b2adb2feb18f573a866cc0bcbfd89053bed379b84c7ee56911ef0919517093c1
SSDEEP

24576:3qDEvCTbMWu7rQYlBQcBiT6rprG8au32+b+HdiJUX:3TvC/MTQYxsWR7au32+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593353210160486"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
196	chrome.exe
196	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
196	chrome.exe
196	chrome.exe
196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe
Token: SeShutdownPrivilege	196	chrome.exe
Token: SeCreatePagefilePrivilege	196	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
196	chrome.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
196	chrome.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
196	chrome.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 196	1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe	73
PID 1940 wrote to memory of 196	1940	47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe	73
PID 196 wrote to memory of 1068	196	chrome.exe	75
PID 196 wrote to memory of 1068	196	chrome.exe	75
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 1440	196	chrome.exe	77
PID 196 wrote to memory of 4656	196	chrome.exe	78
PID 196 wrote to memory of 4656	196	chrome.exe	78
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79
PID 196 wrote to memory of 3612	196	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe
"C:\Users\Admin\AppData\Local\Temp\47bb38f63e48e0f484f6c47d00277fbbd931e36f2d8fcb1b17feedd00e9a2cea.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8e5bd9758,0x7ff8e5bd9768,0x7ff8e5bd9778
    3⤵
    PID:1068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:2
    3⤵
    PID:1440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:8
    3⤵
    PID:4656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:8
    3⤵
    PID:3612
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:8
    3⤵
    PID:3844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:8
    3⤵
    PID:324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,2195260185870836599,16092510266880449708,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
1f39ee79bcf915caecb5daa85a4b473d

SHA1
34e7b7675ea667b92f9f7a9af09c0cc66e8018d7

SHA256
a6ec874ad86f3929ceade8b1d2fe4ed442b4f63712228ce2b3a9c87f4a11639e

SHA512
f5a4a08d42e675ed62248850a2eb21dafd406786cc0e5c266db7e26d3cd46132951f2f694e1b367492ff62cefe363026d38c1aa5cd7343afd0d653db2205a880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
aa413522f54e21da29c4ebb14e38b810

SHA1
3cc9e432d67d0bca5098a991b58b34b9a16c12e5

SHA256
4f71c023894cf44f429c99e643ecfc3c61e20175b6d834e4353d2311d2cf1612

SHA512
0210b79eac5d5f828bb861617ec015de5d82ef47ceadef60b31d4331e648b444af9e3d07a009f2f506070e87fc11887c269d18bd545fa8cadc7e47f26a3f8826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6f48f591a852b89f55ffc41b0b333323

SHA1
30a4150f0d12a385c2f09183ef8e88a748b84cb0

SHA256
0ac71aadd632a4645e9d20e5cda78fa1034db98c254f05d46fb328fd72e98f5f

SHA512
1a8d09789a45c5d209309ef10f1b09f49aaa776acd67fef2f2ca5a1dba5a5dadded75360d6f079c26808d64c233375736d5672dbe2cbb5d6b53cff15d462026e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b9f3df517b641a14e06ef41697f5c0de

SHA1
8a56a935459defde05640c94ab5744341a4a2ec4

SHA256
42332c2669cb4597f9722929ca00b88d3fbf50b2d177e905ebf6b284bf7511aa

SHA512
206aa3014130ce5c3363bdc8206080ed5b4798f6d4780792987698bac89037a535c2cdca6bae2431eb1d6bebacb1e34b677f8efcda9bb2c276df62b3d05918df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
78c5f945c4aab36c2198fe8d13f0c7b6

SHA1
6e54ff84e7a73f4f787628a5597837af0ab6f9b8

SHA256
6313ee2970c25356e6e18e752699b6f61ad012e00b762259fafbf67cf131c325

SHA512
f3f65eb6ea6925752e90a52e72b2738a30ab7d30a95a7070619b22cc2bab2d8b9e45c58978f6e73e40b52f03b4eb42c137b2bb27b990e27d2637ede5f7a0d812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
70a588d0012498f5135b346345aeb0fe

SHA1
bbb1606e8c6b365b594b9a2ea9bba69a712c1afa

SHA256
0c63f69ac7823297289eb12fdfdfc674592830e10c3508bdc07aed675ab97a22

SHA512
f4977085f35e32a9d00400b91c9a50503b637ad6d5041680b6930eb5949e7e73184cdacc8f60f5af6be1112a33af3ce2387f772ecc812df38f2fe3e8004cc235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7319c15b4c1557afa13bc43145d97f5

SHA1
c2da89ac4ee42e0af3b3feedcaa43822f36875fa

SHA256
400eb61889ef8dbc7f81725476f6e8808c09872e77f95186eb75fc77feec3bd2

SHA512
ecb612c0ccd3fe956be70cf2efc7da83e1211b4a47ebf8d2227dd9ef97ed6d09bafd943a4b2255c65e059aa7d2c4bdd1ad81cfeb9f90f842d6c52c4bbd1caf66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d94da1ba849a6e2f3cb5ad83aec1605e

SHA1
b0162ab4e49f477c8e928f4751c3300104840d05

SHA256
e86668b20de4f1dedc3c9b0966e8eed36263fe5fe660064f933887ec02ebf6be

SHA512
37a66f5f232515c9df13e2a0b6ff3ca17b9b89fd12fa7be710013a9a30b7db03b2c569d3f03050a43ada73df895f8975d8ec2d61de5baaf386189d7e97f8aecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
a205385470e7aee6217d7ffae7c5445a

SHA1
52a4fe70541016908eb0996c18c66fa043d3cb84

SHA256
8b80e25291921b2e606120222466bd75d6dfa77f97184ea5b6ba593892db59f9

SHA512
46144d4fa1b82b812eeaa797948ebb1dce38f9dc6e4469b867ca111339c68bb6e7bc3dd5221d1922b756540155ab8dee3a5c798d07a732dcbf1ffc3238a1046a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit