8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c

Analysis

max time kernel
150s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07/05/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
Size

1.1MB
MD5

acef4d21e38bc01764059c9548c182d1
SHA1

60fbab0ae0a76bad7c7e44b02545ff32c2a2188f
SHA256

8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c
SHA512

d2fc3fdbadc70d766b40b5304e928c220ae7249d0aa9581bc56012532f2706e7956ca0d3da02c4f56d7987af092d3ac312ee80e8bdb5d8fbc0ac7b498788260e
SSDEEP

24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8auJ2+b+HdiJUX:ZTvC/MTQYxsWR7auJ2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595212585479682"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
4584	chrome.exe
4584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
388	chrome.exe
388	chrome.exe
388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe
Token: SeShutdownPrivilege	388	chrome.exe
Token: SeCreatePagefilePrivilege	388	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
388	chrome.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
388	chrome.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
388	chrome.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 388	2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe	77
PID 2676 wrote to memory of 388	2676	8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe	77
PID 388 wrote to memory of 4692	388	chrome.exe	80
PID 388 wrote to memory of 4692	388	chrome.exe	80
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 4916	388	chrome.exe	81
PID 388 wrote to memory of 664	388	chrome.exe	82
PID 388 wrote to memory of 664	388	chrome.exe	82
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83
PID 388 wrote to memory of 572	388	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe
"C:\Users\Admin\AppData\Local\Temp\8104a6f4b5c0da5cd6d5ee8e9694633b37d588a0322d03b78f0bddbf2ab3ef7c.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdec3aab58,0x7ffdec3aab68,0x7ffdec3aab78
    3⤵
    PID:4692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:2
    3⤵
    PID:4916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:8
    3⤵
    PID:664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:8
    3⤵
    PID:572
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:1
    3⤵
    PID:4888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:1
    3⤵
    PID:1360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3832 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:1
    3⤵
    PID:1972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:8
    3⤵
    PID:2920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:8
    3⤵
    PID:2052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:8
    3⤵
    PID:1336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2396 --field-trial-handle=1784,i,14451151652507878612,9162368733024670129,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4584

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7a73c085-6a72-4883-bdd5-ffbd3c907c59.tmp

Filesize
255KB

MD5
87870176facc92f73f8c54d849b1628c

SHA1
f47673b1e6f28d34632da584c0de4b70a9b0689e

SHA256
4364899407288db11555fc86ed9dd0e5a7257d261d26c5729736e3a5b2f0d732

SHA512
9a1ce2252152106df968e1336feaf73f153909915bf19aa6f52b3d6d7bb5209976d360bb6aea3b70f4374787299709ce7c0548ec2bd528a970f5a045322d3f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
3286cdb4cde45962d05fcb8696f93485

SHA1
807c9a715c547b58af3ac539fed14ac72dc72abe

SHA256
732d6bef0ba31d9754ea98bf085d7c566ceeaee3812ddce00d9a8b01beba59a4

SHA512
5009d1b33472e116099a61803582f8491e82e8381a0276399f297a900a6a6e9c49bb6b13dc39b22930abe3a8a496fba785fec7125a4b48f614077e58a791056f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3e78e0cb36af0ad11d5c611c65807c7d

SHA1
27d28d9ee7127e8de36e274e0940133f33791785

SHA256
e9d6a2a42f0a5dc5eb4c14c9987acaa12c8328037a7d1ca92736ca24cbd87e39

SHA512
93f2261ee4018506522155cc5a881f4c5e8b0910c9db26cd0059aee674b17d25401f5a10fc484a9bef17f7b1b04bf394db6f85f30ecd2077f2da4b1a4bd37867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
105378ea0c9075858eec3f362153b6eb

SHA1
5cca84fb508771f1c1adbdacf26b5725c23de0fb

SHA256
35f246d377e506d978593947090ca9e3149ddfad1bfe1a335e9fdd559fae6efe

SHA512
298509f29a14e27c48a2415ca07a5626c63eca684fdb713303c9f0cea80f5e9e20456c0cd17159d8e6de7b0950ae5574e7d161a1517774411da72c747339d7e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
556e13b0f5ed2f59a1c171bfeaf91730

SHA1
c9d3d37e252e62fb00c1c1acb248943f2b3e2f37

SHA256
ba6ec3abb9ba6ba080aec4ab2e34ea7fbcd317001610b924bf50db4bb4ec857b

SHA512
bd45c36930d668159c784d29a9cc217fe6222cbbc87332d017eb829c490a5c750d60dd8021a450a27e2344ff7579efa89150bf403dd9b45bd4f1e88a3618c454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0dd6ee508ef6d457a0efe5cf0b50c177

SHA1
b059466d21900c4023ab6609c301762a7d4301ea

SHA256
6339f5af23f4672b7a4badd95796c907adcb40767faaf3c82329b0584bcd5805

SHA512
91c3c253dbc9c50759415d1b78142b2d31793c5b45480b765dc01690699ed88990322db995d3a9494d03ba9997891362d67946b3a81ea41018bdffdae59ea37b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
288eee15be15a042052a0024d4acda31

SHA1
0f4ab6066c10415c9fdeb36e0d0d46914279ae87

SHA256
3efba471ae04dd7300ca9120f150b7417222f9e8367368ab29048b17bc5b91b4

SHA512
5b4bf118b792f64d4e84b37630c96defac3a9968f334392414d062e2e6bb85a332c2b0641f59166604fb92b370454ac7c24af4cc7038c7fac761c01b9caba261

Download Submit