c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
04/05/2024, 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
Size

1.1MB
MD5

4e404a3948c28415eab93df5c52f5280
SHA1

820c29e25f4303b00c935035f62f1f42b5f20ae0
SHA256

c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22
SHA512

1a782cf8b7a4674d6ada3c9d69edb35310e1d8ed16a959dadd5b8a54b3eebf92cca80ac33fd2fba86173ecc2092ab730871afeff44fa0ebbf60c6e6085188668
SSDEEP

24576:YqDEvCTbMWu7rQYlBQcBiT6rprG8aur2+b+HdiJUX:YTvC/MTQYxsWR7aur2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592718563447763"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2588	chrome.exe
2588	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe
Token: SeShutdownPrivilege	2588	chrome.exe
Token: SeCreatePagefilePrivilege	2588	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
2588	chrome.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
2588	chrome.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
2588	chrome.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 2588	4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe	78
PID 4964 wrote to memory of 2588	4964	c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe	78
PID 2588 wrote to memory of 4852	2588	chrome.exe	81
PID 2588 wrote to memory of 4852	2588	chrome.exe	81
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 2972	2588	chrome.exe	82
PID 2588 wrote to memory of 3260	2588	chrome.exe	83
PID 2588 wrote to memory of 3260	2588	chrome.exe	83
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84
PID 2588 wrote to memory of 1600	2588	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe
"C:\Users\Admin\AppData\Local\Temp\c190c452eb2140ee047b92561b4f2a4ace7d82fa79c959cbb7f535f148005c22.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc2ff8ab58,0x7ffc2ff8ab68,0x7ffc2ff8ab78
    3⤵
    PID:4852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:2
    3⤵
    PID:2972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:8
    3⤵
    PID:3260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:8
    3⤵
    PID:1600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:1
    3⤵
    PID:564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:1
    3⤵
    PID:3076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3780 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:1
    3⤵
    PID:1184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:8
    3⤵
    PID:3116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:8
    3⤵
    PID:3316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:8
    3⤵
    PID:4484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 --field-trial-handle=1808,i,2773659516527995553,4306348700573435893,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4020

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
337483b17586713245806e778bcb975b

SHA1
8b6df4183dfd5686759ff28f1226902d80cd841a

SHA256
548f5a401bbf66ca01c8886e192683f73cdb31eb6b983cd390c1b230bd6e4ecf

SHA512
cc9303bd9fceed4875130ef8bcf5a026d4b6a59712b5e70f4eda5f665d325c9eca2d7630b318fd00ee16a09e0057ba7e5f06577f2ec8c60cb5fbf6deb6ee0fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
666a8f22e10476a4a5f1a6f982b33e7b

SHA1
ce14ce0c12b7e84a976610c1e867c391f08806aa

SHA256
510563031ed12ecc1baeedef1f025e8caecbf5d58ba125e446ef8aba568c7ae9

SHA512
3e2f388a5262d1b2b303b342d317454bece3699773610a28d8d6223cf5e7a56428261c3de78e1026b8a095af995bbe9e1c54ae6873083fb36c48d3be5eaee42a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a33bc577702671b1353dc373fa6a6365

SHA1
eb016c17bc305816fbc4e0eb044fe21a60089e51

SHA256
c2d0166e71266a1306072524071380f0e287f893f8ce8191e223e9770f580468

SHA512
e73589072341a9bc040468f3c180a24fc48b881a919100ba3fc650cadb79d827e391421cfc01b1501ae9b7385dea2474a0c246e2f5d8d6bfe029adc3efeec7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
1511b3f9249af2223d77b505b16d14a3

SHA1
817c1e56196064a7968d4e4f76660333a88272a7

SHA256
90983c2212b87aedfd0667b1f613b64d3873d4853a80c9210998c37f19a31083

SHA512
42d9157770755d50befa01a5b28ffd74af524393eeb71d5bfc3133d474f5fe12f8e8d2c6db655400f83c43846a577b45c2af9e99383b23de223f87ec8a382333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
66e87648de2f40968d41a0447f8a4bcc

SHA1
e4a45a5b055bea0e2cc364db58c5ac4bc3a830e0

SHA256
1d6845a4275c06f78bfdfd59d0805129d56995e2a9296df6df40f15baae6a446

SHA512
b361fec01549e14279e3f1b92d3661e3d62a53806022c6fe4cbb178958aad6293ecc489828273ff7faf47135ccb45af2eea4019669c9cb12e4b6d3889dc373ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9acc3152d20b25c76a0e9045780ac311

SHA1
b9b98e1790c5243f2e08a2cec212a64000fec6f6

SHA256
d50e56a243215f9e098154ae143d210b90236e17d83047202d47b2fab86cbce4

SHA512
38dc1ea1c7186cde1b305c6da3ec346cc6578c57054d93c5871e2d329f92e7dc7c7ef718a35110b0a8ae71bb6cf3114a2970ca7bbee1cd2527be01a79f01efdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
3e9a88b0ff588d6bd7e96c695dc13c1e

SHA1
3abf4e62c06ae037f73874c1e6146f3c206b122a

SHA256
a2c1dd3e5fb6c0803a05e9ae6318137ecd4c046e2daafd0ae74f2927b5dc3d32

SHA512
bfab33cf00e7117699069d96ae655f0c1ea2db8fe9c003362be16d355c9ea2f3318ed7829633470467b39c5e80dce954db9e87d0407762a09e8f61057dc162e5

Download Submit