c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
05-06-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
Size

1.1MB
MD5

d0470442d92bfd52e37ceb6927e7824c
SHA1

4d4fc377e2222362874d43f09f87a24b98568a77
SHA256

c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe
SHA512

4259e1b73b4cc0a7c9d39e6649b9a5ca59031204bc82ea9d94fc7a8724748000de2824989f3ccf7f13cc63aa878d9d790253106b90ac747bbc275683ac41dc15
SSDEEP

24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8aut2+b+HdiJUu:oTvC/MTQYxsWR7aut2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620641227096705"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{BD3CA43C-027E-47CB-9A3A-F1AD915196C9}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe
Token: SeShutdownPrivilege	4080	chrome.exe
Token: SeCreatePagefilePrivilege	4080	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
4080	chrome.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
4080	chrome.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
4080	chrome.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 4080	232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe	80
PID 232 wrote to memory of 4080	232	c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe	80
PID 4080 wrote to memory of 1440	4080	chrome.exe	83
PID 4080 wrote to memory of 1440	4080	chrome.exe	83
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 8	4080	chrome.exe	85
PID 4080 wrote to memory of 4672	4080	chrome.exe	86
PID 4080 wrote to memory of 4672	4080	chrome.exe	86
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87
PID 4080 wrote to memory of 3512	4080	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe
"C:\Users\Admin\AppData\Local\Temp\c26ee85e7a83fd63ab0d980ab37ecfce546238be74907130144a580d178425fe.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffda579ab58,0x7ffda579ab68,0x7ffda579ab78
    3⤵
    PID:1440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1488 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:2
    3⤵
    PID:8
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    PID:4672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    PID:3512
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:1
    3⤵
    PID:3776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4152 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:1
    3⤵
    PID:1988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4364 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4520 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    PID:4588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:2364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    PID:3140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    PID:2576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:8
    3⤵
    PID:236
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 --field-trial-handle=1812,i,5849661722416855894,4375834835568707892,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:236

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1d3c1fab424b07102e7d4385a5ba1529

SHA1
a1dee15b340e63c7a9daa6fc6ad65a0808934e75

SHA256
da3d2d976713281254062a6519fbd238ad8ca389c62a7e79f42fd1bd38abfa16

SHA512
fd9c12108e0503e18ef6884a10939aa2fd3846c2c585b120f6a6c2b0f467a830e59a352c592ff156e273671c246e2b3125badaf87670ad4b72aa34988a606879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fc229848276aeef8b42fc4d320fc0bd6

SHA1
0ba5b4f4f3c304d78276e3e9a6fe3369947f53d8

SHA256
e76c795f812a15d6c11679e842549cf84ae320f0af9231c92fc85fe9205ea24e

SHA512
f2daeab6a8b0c6219b750010e6130cbbad9c7e151813b2af78727031be6f8e96a49c1a2445b03c521e3be7c64c30161bd41cc13a8b0a4f69b7f1000e3eb986f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
af9796f4f44ae951d9f7233f37aa0115

SHA1
1d96dd93ef5ae6a97d3df096c99791f90d9daf14

SHA256
ba9fc4573a8abaa6f2150245afa5a7cbd5c43f3d80cb07663df76c781c7e8712

SHA512
e8dbabeb32a39bb2b9c6146300545233a4199bad0d45a197b56beecd3e1b2b453e8f29776c23e1a3778b0a2204c0b3a60995b702bb9f485994efc5b5c9a125b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
a07972434c50610bff68e98701376dfc

SHA1
44d21c519f7881385153d1b067c99694a4098b84

SHA256
847254c674cc84d01fd3f27d72f59a7c9047118477c37050e96a1b372e024981

SHA512
8ac7f6439a5e6650020652c90883057a9f22538cc7d03823698b037346e257de9b8defe8fd1c52983d4ebbe3928e79f7a51dfdff32e3b16b13fd58af8c3d0a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7a18c9faa4f1c20f7b158f1746de63cf

SHA1
4c44b5940324bfc946a52a40d6adf83c064e97ff

SHA256
67a3bee592ff2b0e24e49e0b4e41fb060f4e68260e5b144d2702cb3ce3ac8bd4

SHA512
6bb3df538ebbc8dfa443efc15f29acf2e86f0b8d429d6ebd4531040a6393aa582897093ca44be1dce1a44c48aff36e55d4418f77976277d1a23bb7b96a0c3d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d5f5ef72378b7b0735b6aedc970c5815

SHA1
a062db248d50985444c2cf6fdb8ac9feec1c878c

SHA256
44b0fbbf7f71482b93dd0636b28a75c2de02185f5e186dbec88468712ba1164b

SHA512
8e47228527d82e28ce454874bb9dfa16119dc90a4706040cea98014ad35ecbdb7ccf1f09f064781bd98c46f267b4683023a6d6b6271434162fce63522c2b351d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
35d03700b5fc76344382b4286e68e9f5

SHA1
3101be235c6042225151ef3a9bdd71ef523d59de

SHA256
bb788e869a9b4a2dd778313a0130740f5d38cdd834f49075a700aaac4499c749

SHA512
6108c8e465dd3ce8eaa3273bc80c0a6a137b0199ca45b04980a43b914c93b45bfe8a3880fc018350b2d82b9b06fce1fc41a78dd63da04ca43f6338d894c191c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
2c1ef24e7c9a287d226c6be522f5098b

SHA1
d6b84e7f2074afd3edc21aab388b3ef26381f0f1

SHA256
adeff55d2ec5e6856bfc968da0dc93fc6639a5b54dcb34cd524d2b729dd23a41

SHA512
14b1bc538988bfa0954736fc0583db7465f385a04317872fa883bab5a49e378d7d61d89214b3d8b7005fbc828d1e518ba8699b0599916a502d7eb3bd3428a824

Download Submit