526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
Size

1.1MB
MD5

df7a653cbc546c44115b867f5a158d7b
SHA1

d7074f8d2c1a5887564ffaeaac4e5df22c792d9e
SHA256

526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305
SHA512

ae841f1344215d7c98a41195ed9ce0ed5c152ba9dca33163388fcfe6c55ac4e4d0f3b07c78e7236cb6386dc159aec266be6b0f441da43269aca8df9df11be66c
SSDEEP

24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aug2+b+HdiJUu:lTvC/MTQYxsWR7aug2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621287422115756"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{D9E7C49E-84CC-4F79-A0B7-A83A1B73B51B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
2084	chrome.exe
2084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1360	chrome.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 1360	1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe	81
PID 1196 wrote to memory of 1360	1196	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe	81
PID 1360 wrote to memory of 1336	1360	chrome.exe	84
PID 1360 wrote to memory of 1336	1360	chrome.exe	84
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3900	1360	chrome.exe	85
PID 1360 wrote to memory of 3632	1360	chrome.exe	86
PID 1360 wrote to memory of 3632	1360	chrome.exe	86
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87
PID 1360 wrote to memory of 3416	1360	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
"C:\Users\Admin\AppData\Local\Temp\526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff844f9ab58,0x7ff844f9ab68,0x7ff844f9ab78
    3⤵
    PID:1336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:2
    3⤵
    PID:3900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:3632
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:3416
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:1
    3⤵
    PID:4868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:1
    3⤵
    PID:1324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3984 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:1
    3⤵
    PID:1532
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:1
    3⤵
    PID:3840
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3212 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:2044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:3080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:4368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:4948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:1452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:928
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:8
    3⤵
    PID:2084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 --field-trial-handle=1916,i,15539442804669858839,211989468753485919,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2084

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
092046fa626078a1bb8a07bb410be9d0

SHA1
6d622be36ed0a8918cf2b9e5343b01d7d255111d

SHA256
491f3e4f1d7d8cef0ebc84f7eaaf82492e6bbde8dd0c3fd5e8d83f43d5af464f

SHA512
3f20b46b64bdcdaf69bc42b5b88d2e212d7694b90621e27bd1b790e21fb01915b422e352f489c731e9c00b3da1560bebae6e7f230859ba4f478eabd8daa9fcf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
97680ad8a6db78874322d5581712e898

SHA1
7b5952cc0104641a75092adab65064ac56b59de5

SHA256
5114bdfa056e0963ce253750910b08ff9b9f769401a35805fb06855e47c43980

SHA512
f0aa591983d3a58f9de735f38553ab3e2b0d69867236d1d2c2aa979ec591af39a3cba407a5e7f2ef1f74f2d9ec0463c180096ec6454ec4843c79add16cf48972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b48611d5c9c9c8fdea15a6a8492dab00

SHA1
52a4df94572ba21425e4e244342f30faa82fe0f7

SHA256
c78a449502f82e8e926373a9b64b56572604003760430551a3ec2dc51c9a057d

SHA512
5213c8aa2cdfe5ca22f3a18c955bb58781cc38e0d3cfb5e5bf4576907fe4755de25f759abcc6fc0092f80dc821ea01c0aba94a68c9fd719e717b2ea720b1e81f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
31f1d1b945816f93d40a36980599dcec

SHA1
8a6db671d5d98fd2720e6972ab06164325382f52

SHA256
114a4342bdf807613f3ad73387e3eb655669b40a5a99f25b371f8be3e3aabf5d

SHA512
b8557bb86b3519c0aa963abc3df0b3e6c73fa3665bcec4c5aed1bcadb426d35a0e39876620b70ad41bdb47d056958768f3bcb6fc1f17561c51a3a7e65c1c3d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4969bc0d1355222960f1dc7c9ca9e170

SHA1
cc53772f446cfffce1b1d6818057a826660838d7

SHA256
cf974b5ab36e5989db7881430ecfdeec9f83d25d9d7ba9ab3580ba058febbdf5

SHA512
cdb3384a46e00fb05d49945fcd0fda8b56b0eb71b06c166115d1931d49eea7bfdbe27f19a4f2f5839745583d3cf98a7cf8fa5c0b00955169e943ff172d86e9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d77fddd6d1d1befed90630282f75debd

SHA1
a7a27ce9eac8e2ff4e5cf845ef3009b1613da50b

SHA256
45dea0bb0594044136115c9c859cc01e507163f895d52c7380eb5013ce5a9594

SHA512
d3fccbe2ae11ed289f11ccdc6d05bec1eedb4c86c96d655a0c544e73c1e5b5f8d77d804e5308d113ff7fa3abb8471601a70f1c613f6117bbd9b87f1d6239ecf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ddb1ca6cdb9472cd5c4c3d11ff81c5f2

SHA1
0326263e52a74ab5fb7843b2ac81a09a93017ed8

SHA256
67b9815f553d79ad127f1b8f8385f5600fc68441f4a05ba24831bfd5d921d48f

SHA512
3bbc4ee3e48255e6b2315f8ec36e8cc36e73a93af991581159345a58f1118eaeeaca27c74c0cd52fa0db61aaff71d0d85d3da01fe79d974b9522dd842a9729cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
a1fa594559a90d11f9fa1b8a56fe5cba

SHA1
31e290d8c9e4045a22227a479e1efab92ffe1b27

SHA256
fe5c9eefb52eae37e5c26fb6af8910feda644f90458587b65d40ac1826fd95b9

SHA512
dec9e6ef766e66a9ef560096b9e6f9cc926029658c3342f757b0d062af9dcb32509af436759b517943bd4a97c9bfa2f8d225859574fbce6f395466af12e6e5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
8ddbd29baea9a0f7fbd7c1a546d06d5c

SHA1
8da2eb858e3e8e98c85f85c46749f01c4ffb098c

SHA256
ccb6ccddca8d4d3e90f468596363944efaabe7bff16c58430b32eb7e7d9b736c

SHA512
41bbd29dd22dea40fab4e722761bb6c0a02e314142574c1e3e38d5b632ba05fa031d838ebf1b406fc6188226fdbcd6210b1d2dce6969723d27f3662094838aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
513075b8f5f325929b6bf8959adab999

SHA1
80af31434d4408c5ee6a96dbdb325dfde03ac5ce

SHA256
fcaa7a4c060bb380553b2cac6df79fac1bebc4a76c595d91545cda15412ffe12

SHA512
ef95fc276f222601fc1fe520b6e82962188119327cb7d5fdbe0f614cf719471154798b9bfd7943958ee653461410f81b9fefe4de9b80c774fb2954bb48c86627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
7cffda2cdf3e19bba703c348bc2a20d6

SHA1
5a73548779bf0eba5d94f5a65ad66324a29de302

SHA256
89036576003cd1406b824e2101fc5761cd04a2ec66cfb33cf23eec4c83dc0c41

SHA512
f1a8bfbdac914a8ab2d5ad76dcfde06e7276581c844a43aa4e2673e04305fb842b052d0acaea2d37c7356a52b2525a368017ac104729cd994d352a7fd34a4242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
d9074b6ba9372b81efae220a8ce63ece

SHA1
949e97f64bc77278bed7d85e50358575ac5bba1d

SHA256
ed38f47837626450170318c3a4b577e8b7829f3d1b8695a9de0162307a4b19c0

SHA512
4f9eadd03e641aa8cf1bba2803782334a9a6067937005a60ca7c8d2011fe15b188e05fd197e1e9ef0edd8954cad620ec86a17f34184d5ef4c820961fe2a23ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d0ae.TMP

Filesize
94KB

MD5
73ade10e97bfe06869da70db5aeaf440

SHA1
4cdeed9de114f424640a708d95467226d1c533e8

SHA256
f52f8ca8db484017804cca54bccbb4c6c32165a30c8e5a4eb05ef44628463517

SHA512
1a4c6bbf03a10fab4272af54870a17c708035b906cb1ff0eed050aa228bfb323303c91888e423125cec5486cfec66d73a34b21cc71ada07a5cf6a4c55cc3bb58

Download Submit