af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac

Analysis

max time kernel
150s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
04/06/2024, 08:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
Size

1.1MB
MD5

65b0afa5ac8b0f7b78bbd0632f88e405
SHA1

727de9a0f448ce7f43a18760c969ff16ece33610
SHA256

af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac
SHA512

2f28599f67b6528ca0905662cb2d1cd51e25dcb20675597de65cea7b2bf16498a27e9c30bd2ee7b70388c79d9f8fce876e5ee04c559135660b7e832ddfa46522
SSDEEP

24576:GqDEvCTbMWu7rQYlBQcBiT6rprG8auR2+b+HdiJUu:GTvC/MTQYxsWR7auR2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619646226388163"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{55878D17-0C6D-4993-9E45-B7675A7A7BD9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe
Token: SeShutdownPrivilege	1828	chrome.exe
Token: SeCreatePagefilePrivilege	1828	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1828	chrome.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1828	chrome.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1828	1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe	79
PID 1884 wrote to memory of 1828	1884	af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe	79
PID 1828 wrote to memory of 4172	1828	chrome.exe	82
PID 1828 wrote to memory of 4172	1828	chrome.exe	82
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1660	1828	chrome.exe	84
PID 1828 wrote to memory of 1492	1828	chrome.exe	85
PID 1828 wrote to memory of 1492	1828	chrome.exe	85
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86
PID 1828 wrote to memory of 4952	1828	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe
"C:\Users\Admin\AppData\Local\Temp\af02929433fd141a7201e10fdce0673146fbc3e632eddc794727a9f1d11c14ac.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3e4bab58,0x7ffb3e4bab68,0x7ffb3e4bab78
    3⤵
    PID:4172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:2
    3⤵
    PID:1660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    PID:1492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    PID:4952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:1
    3⤵
    PID:2724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:1
    3⤵
    PID:912
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:1
    3⤵
    PID:4564
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4308 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:1
    3⤵
    PID:3916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3124 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    PID:2356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    PID:1512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    PID:3084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:8
    3⤵
    PID:4944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1808,i,2444516527992186826,388861761260632470,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
2320b366fd2dbd80bf8b5dbafd80d477

SHA1
a82725e40a3d244328c2675390d81247156b08de

SHA256
6ae0a1a282423ff36369d2037b6382de6be2c6a1b466a5c935069ce3f17aaf0e

SHA512
39646d9e6cbe53ee579259eed0978f99b9b8365b425d129b2e0bf11e82db048073976dcad41c78405b88926ae54837500e3a1d1ea3916737a455598583bf6ddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
850962be57e6b7630755cd4492acfb3c

SHA1
69109c85e909eb47101975e025365790aef7f4c1

SHA256
b66ed5dd6734e66e966f1f48c8e60d92d04baaee13091c173838401687baf1cb

SHA512
900c057ea07d56787a9933c870d2ee2b74d81b799e92ff108859bbd860593f6b5222da99f0a4e1945bd3c7b9fd340846191af176aadefc58539a363dd86728d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6d626cf9371437f0a5e27f4045650408

SHA1
63132c83ac2de9866754f0570d825701b587c9cb

SHA256
89b0acae38f389c7e71735a506e3c7670f545aa268adc86f7770f02a9ff5ce38

SHA512
846c8222edd7553b79bc64dcab2738b98be4ae1b2ec5cf6688c310f67586224326e279d9e587e55f6935a16bf1b44b14efc7dedb766a5bbdfdff34f4edc3ec64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ad4063a3ac88feb106b0bcc298407bf3

SHA1
a6aa2cee017592490c8e6557aceb5ff77c07e7a2

SHA256
8e9ffb5b107143dcd52bec1176b00f2f9ac8e589fc03945392b0e1a5dd67a08b

SHA512
543651bd1af800d7518968183b80db137e3dfd10c3b32e21ec1a45b9f538fb75ae3db527611adb9ae772ce8004438e4a74bc3c394f61a928e21b74348497d996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e680a669236cc0a3a444bd413d9ccf24

SHA1
650663cdb1e3a56a165ba6a4b1490e8c691150a2

SHA256
6ed6bc2e9688f2cf0642d9a2a5dca63c52b501d70f721589267cd761e614397b

SHA512
345b1384be27c85a9aa7f917ce2d4c6469386ea26f4e56890fbc8c634fe996c00ecf380b2183133b837c8cabe9d5c9ccd1c0f0e3aee19cede7470a589f4b69d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
64ab48c4c3f25ac80c978f351b1b8705

SHA1
47d6e6db3a757016ede9a6915e868682feb971be

SHA256
717058d0b7b3de31a8013be1c2cfd576f298c5798b1faed866459261b38907da

SHA512
2373ff81a83b58a1802ed2444c72925299aa2001445b3874f074a7d8a230deb2237427474b23aaeeec91d5d769ba1438c7733a8f82a91819d9e99cb5dec853f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
1653761a9ab862f5ea908efda2496729

SHA1
07825c4e7b37ecb6f94add869e75ba39657c681d

SHA256
e739a36b6a5fb1a19d727db414fa6797319e81ba677a9337a9155d5c10d762e9

SHA512
5c2ac541438aa014291dfc44edb46f86450fdd2efcb5ad30b0a538c6e1960b9c4286565ed3be45f7908dd78923226116539999a6c51af0a092da923e30f23184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
7af79bd907c6f3ae2a95df5aa1fb97a7

SHA1
3f31671ca3969423911e0cb49a3148772c694b82

SHA256
69820550a801be396fb7625fadc0f8f8b1b57b7f49dfe0c062dc8cf1720c947c

SHA512
0953f2e5e4e12c78fb5476c89c3c5617e89e53e04e51bf8b32558c6e6944f556bd3d89dc1c03f6c3f9db70af211002fddc3da6064611a3ca8665de4da940af37

Download Submit