c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
Size

1.1MB
MD5

c12334eb9fb65ee27c2b2b92cbcd4722
SHA1

e778cf8e2fca24c3eb5a4657caa1d82b4baae71d
SHA256

c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396
SHA512

7b400d4c4204ee06b20d6dcc41dcafb642792a42640132f3baee1179d6205f84e6c3fba94cc0acf2bcd0ac17d087ca9d6413260b7cefc2c3578a5b4539d48f96
SSDEEP

24576:sqDEvCTbMWu7rQYlBQcBiT6rprG8au/2+b+HdiJUX:sTvC/MTQYxsWR7au/2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618716287619073"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{28536D7F-8F68-41F5-8414-E2D0382D536A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
624	chrome.exe
624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
3664	chrome.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 3664	4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe	83
PID 4352 wrote to memory of 3664	4352	c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe	83
PID 3664 wrote to memory of 2624	3664	chrome.exe	85
PID 3664 wrote to memory of 2624	3664	chrome.exe	85
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 1036	3664	chrome.exe	86
PID 3664 wrote to memory of 3160	3664	chrome.exe	87
PID 3664 wrote to memory of 3160	3664	chrome.exe	87
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88
PID 3664 wrote to memory of 3064	3664	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe
"C:\Users\Admin\AppData\Local\Temp\c5a967d4542fde49315d210096d2c24fcac90025170136c0261b468d0c773396.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffa75cfab58,0x7ffa75cfab68,0x7ffa75cfab78
    3⤵
    PID:2624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:2
    3⤵
    PID:1036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:3160
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:3064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:1
    3⤵
    PID:3420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:1
    3⤵
    PID:3504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4448 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:1
    3⤵
    PID:3968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3064 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:5076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:2376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:3076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:220
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:2604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:8
    3⤵
    PID:2304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1928,i,3212769127704702186,13257540894361236991,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:624

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d495539207843dacafa985718426cb97

SHA1
c08dbed5ef9d5a9f79dc9527934def0952e39ae2

SHA256
55b41426b2218d19bbd734a479ccfedd7aeeb0d68f66ac735cefe016ef547526

SHA512
b912f0c0484d8a55da90c1a21c4489444aae39baf5df627ceba096cee43087eb1287729eca940625eeeee913b20ecf9de58c83779e016f734a99c42fb8c47ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
00633b5c51557f7fae8177413ead0e5b

SHA1
9eb3cc47e0e91827b9ed1a20938f40844b032684

SHA256
90f26c885ab841f544fbdf27b54a8df4cf8b8be6ce764ea7d1df2ce2054f5593

SHA512
e8013d50ea83c5e11b0cb528ce73cc67da8c50bf44178cef78d3da9f516a8fe6a832479c37af53a9bc41d7c565041e4c714ca06ee4f316a53ceda8e52999cdfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eba3c1331b389212e813d5de2144457b

SHA1
b3a70c921954c90083f8b243ac57ddf4e096f87c

SHA256
37e6995b86a16cc0a2febca614048cc48d3356d1c5d58f4bb79afe9bcec4c6b4

SHA512
66164316cfc1459013f981e784b81acc7b01e130e04eb0d9b388af8f533fb7f56732ff2531d981b04c6341b44470d1a83081ac1816fd9620b89030230cc4fbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
180b07bdaaf5624aa335bdf523e0995a

SHA1
af47c1787bda27e0905ff8a7700eeebf387965cd

SHA256
f27d285cebd68f41cb340436801d96d1202f863a21808596a393175ae78ab4af

SHA512
224472c75adfa4ff61e01a10e40a671ce9c4e1f1571614605ab7eae7959eb0638a473245fee61b8b9c16d94cc5ba9c3336f569a3474677045fd0b7fab34eb01b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
dc1c9e337a2674a1999d2757cf1038f0

SHA1
05864ee2238533b2981956d2d7726f6ad20939ea

SHA256
d17e52a2f0d60b2acb674714bec7a09374f73313d3c5208d9cad91cf12fbdc8d

SHA512
5f71a7aec707d7421918a914f4113d6d63b0fe01dae0bdbaabd492e0b3dc8904fc630dec6448e5e352fe6ecc753470fcb1be8d18b872fc6f29635af3e60760b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
be685ff2c856b8378e7594258599bb9f

SHA1
a433c1e5c41fa673c0569cf31e21fa13ee90a186

SHA256
dd62498b1eeb53cb757d033f97f0eec192aa7e4eb7553cc11ba47b5e0ed75255

SHA512
544b657b4708efa70f5cf87885e48e433b7f24ea31efa6d69dfdaabefc29c59b9136d8680f1ef104b8f7c2ea6792dc13aa57827dd09cdeafe9c76696dd91df40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
40206103bdb56dab35eeaf748e7aa299

SHA1
174269f020531779c87073a8460c977bc1f096ff

SHA256
0d26aacc28d5a5a06515a0e0c6d40e745445bc926648c117e3e597b91000dc2a

SHA512
1b6515a11cba1198e8ce141a2fda054dfd9c58d77a2e15a8a6e53fc4b5a91ee20139abb70e49c22a982b6898a8d110488ef186227a4a5aaa4f8e0719c58b6394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
5f37b8b8602cdc6d930855bb33e56dc3

SHA1
5810a9204cdacfaf165381f43213ac2c838b9668

SHA256
96a56ee74bde278b61357a583de1aff53da36044276c6d48a686272d1a3e53f1

SHA512
bdf0c1203b37703498350d0f60084937851ce9a20ebac7b959b5aa35e51efa1f52cb258f0b8443c2873c21e747eac6d1204f60386424098bb2ce97d786e44f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
e743c957eba16309669569ccdafa520b

SHA1
55d32b65e5417ec87cffd1459e9c253bbd98a046

SHA256
0d9bf6a3ba56919349daf760433d2c39c1d85a17c2b3cf3e8910af87f70634ab

SHA512
47750e8fcfa647055b5723b20d1298adc3958f7ca0f0658ac3a0d9e89b3a287501f4e7a6e08b50449251fb8f75710fae1f7aa63d1b772da2806b4e0eaed1c319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
44f6188b29f593fd509b85ff5c908428

SHA1
ca30b04c1b1c191069d5a65e0c78b58200fc0ba5

SHA256
9b9370f441cdee999a682c08da698d41769ace468eb47718d3f182b55b1169ca

SHA512
9f3bf7486cf9e8e2a2f799d1118f5869f341866ea58f76f1405512b36820e677fbd18c14103a1115b155fbe114fc7e843c83560ade587c4b06d81b4730e48d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
33556277c23bb1c612d07028d8e0df84

SHA1
61d0ad7aa047336ba68e12dcceae99f37022813b

SHA256
df16bed6a437261c2be32b0eccf0b1b0590a4a87b36fc17121079cdea86105eb

SHA512
cb50a7da6f30f4f01dde54dbd6d698c165c7328d739ebce34fc3d739d1c00e94d10ef4b6ce741778ed20740d3145c6769ac3312c99350fd6440c85b890af7d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
6fa3171b00378c010ddd8fc32b98fb3e

SHA1
3c08dc386111c7b2826b1d053678b02aa4dd009a

SHA256
3fcd72facfb80f12a0226c1bc3d02f8f6d344683e2ba1249cf43a19976efa935

SHA512
8bc74dff3d313f688cb768d90f416f749a6a28d4e84b2b95730be5806df0c2e90419f97bf2074fd1fd6c1eab24145333af4a9bfe837e043d9d759912407d0c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e649.TMP

Filesize
94KB

MD5
6bc14a4561a126723261afdc2c1eaaab

SHA1
d84fbdf8a1a203524ae0a1f2f777f88c74537477

SHA256
53ecd63bb161727ba77ef3b45c38ab6773f40b70c92025e380180de894d83ec1

SHA512
35a4a9051282eb994aa78886207eab71c8a2a725dd4197fca3e69324a17a53724e37b323358eee6ca06c0bf01c17b0e0546e6245ee99d78590e83d03191f4ac9

Download Submit