526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
06/06/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
Size

1.1MB
MD5

df7a653cbc546c44115b867f5a158d7b
SHA1

d7074f8d2c1a5887564ffaeaac4e5df22c792d9e
SHA256

526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305
SHA512

ae841f1344215d7c98a41195ed9ce0ed5c152ba9dca33163388fcfe6c55ac4e4d0f3b07c78e7236cb6386dc159aec266be6b0f441da43269aca8df9df11be66c
SSDEEP

24576:lqDEvCTbMWu7rQYlBQcBiT6rprG8aug2+b+HdiJUu:lTvC/MTQYxsWR7aug2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621287413959230"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1672260578-815027929-964132517-1000\{33B0B76D-F7D2-4EEF-A9DA-AC66B995B77E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
2144	chrome.exe
2144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
3276	chrome.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
3276	chrome.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 3276	5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe	80
PID 5008 wrote to memory of 3276	5008	526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe	80
PID 3276 wrote to memory of 2340	3276	chrome.exe	83
PID 3276 wrote to memory of 2340	3276	chrome.exe	83
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 1668	3276	chrome.exe	85
PID 3276 wrote to memory of 4008	3276	chrome.exe	86
PID 3276 wrote to memory of 4008	3276	chrome.exe	86
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87
PID 3276 wrote to memory of 4036	3276	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe
"C:\Users\Admin\AppData\Local\Temp\526ef873ecae9bb03740a51f04fd6f7d659bc0b3c1fc27301356be0b6ab9e305.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2191ab58,0x7fff2191ab68,0x7fff2191ab78
    3⤵
    PID:2340
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:2
    3⤵
    PID:1668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:4008
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:4036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:1
    3⤵
    PID:2344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:1
    3⤵
    PID:1676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4156 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:1
    3⤵
    PID:4480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4364 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:1
    3⤵
    PID:3320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3392 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:2724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:3324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:2656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4284 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:2916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:3264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:2992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:8
    3⤵
    PID:4692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1840,i,18064796001339338340,12580178002851893997,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2144

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e4f8b61984f6f05582204d62b8ec2c67

SHA1
e0464d64ea439e9a713fde9966c097073ef45df6

SHA256
d63bb9f3c4cc04fa705713b550ee55e7c3d4ec17b4a9cad308750f0da08d9906

SHA512
2635eeadae8af0f5387e36bd272837058bcfdea66e7c23aaafd7ce03c999981c91881de2650a18314e1e9797c74cc0d49f31e051939ef7f941a74339f881dc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
be5ed7f2bbb98f56b2c6a83de3442faa

SHA1
0111a044f082bb2cd3c7ee1875b4ee7eb3334224

SHA256
7fb8f6bac0bc622af0f908d2ffe301c2ee117cbfc7a1da4f952fe946e4b9a5c5

SHA512
e6aeb0960762bc7bde468a14acedefdc870507d40273f1580685966ef01c07cb77687f1acf3fb6e7947504199e0218d8423f1a8bab35624bf4388b00167d9083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3ca654d73116ce8175a9357be61f67d1

SHA1
1e8f45e1eed6117c683079980add4912cfe4dcab

SHA256
f56cb5fe5ff6b310b2d56a537dccab01c8eb8abd77e5a9fec6bf6e65bd4d5148

SHA512
3f31cb3e5d224ef38fb2cc95c11f37e31a04d0ee1124936ecf9898f737a988b44f5ea2792bdfd0d6fa2822778444ec3bbbaf7084671070186a1bb3d742f7aa68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
88756b7fd44b3fad2d2c5aa128197b71

SHA1
652103245a2f8fc2f862eb6ca27ba348c927e129

SHA256
99842397ed79ce6a8dcbd2d9c9881f34b6bc67cdd2b12106c1231ac8308066e7

SHA512
46235086e3bb904f33e0b4a8edb430b30f0453d8edfecc3c6e7c25b59cb603b9863f59ec61f0876748238aad8545b3d0f0a01f9c3a86df49a550c5506623b80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
57a542c1b3d2538d4624ead6a109d559

SHA1
67c4b2b54795bc03ae62a877e7e69fc9edd03e38

SHA256
4139f67332b0348210ae51dd80252379c98899c9f56cc9d8147265096a308843

SHA512
b5fe41d22309cbda206e92eda2f24137518d1e054c9c8ef70ce04fca7a7eb34c9ce9f157c97016b16c0d9b0275037e978caeaae801272c58743c29c9b85c4908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0345e400c5f6eb3a6a921333e1f8030c

SHA1
7b9ea0add0343c4b6a063dce8a1429c84002ee09

SHA256
48071bb158b1cc9c5314561a4967ac47510151e26e36ba8a87e8ecb073a1c52c

SHA512
5dcb20b0363a52ce2a68bb348147751e2fb2f5983e2fc6c84e2422aeaa768b2a93135c8996b9f50905327791e02b2e523a926eb8a3e7f8a39d1ddaaca2cc85ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
70be5dccea2fa1da4c3a46325c98140e

SHA1
6d897488f56d3b4b12f410f3c374d02f2e3807a1

SHA256
262b07a4d014f2f4b1f98c014582344e8213b0a78468506491aac97fa4888f9f

SHA512
03455ecf72505167d6ae49938abdd6b4d8cbec05a4be26e566fed04314acef9092efd520da70bf444c10cd438d8d7f6f3c0cdb40080f00b10f8dc16254b16a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
b4392d6e87ae44132f12e63e4a8e6228

SHA1
8ee355aea52f575223864bf069d391ee264f969b

SHA256
a8dd1a61d560ddaed2283fbdfac8b68803da4e9d79e25d8e77126d25dc867f32

SHA512
44ee2bf4d5729d63cba2c8cb71e5802e3f50d7a81898d328115766dc34909090a3afb299165b350c10cebf38c8734086fd090b59360dddaf83b09aa52d380129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
c054bc98fe5c68c5c562e209c62273f7

SHA1
dd9b5d67494b9960000488d4be4b8a766abb44cc

SHA256
37a69cf859b49fbef26eca1d4f76d53f25cea68d72ad551613df00bf53249e2c

SHA512
c948fb4fc0024f481471033733239fe8536ce6870758107bfc074bf1e4e49fc3dff9d37d50bb359c25c20808c5cc31aec4bbc9a16485a30b06751e2439268bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
d4fc089a15509a3fe72bf7211d126477

SHA1
0f311d4b654c8fb93f57fbaebee459d74f4654d9

SHA256
ff704f9a45521f4c14ac3e789abe42377f13f089b7946a4cd40c7815939597c6

SHA512
bd6c530c83ab728364198f49e7c82973d33b8eb5345fcb808c53c9f8081c1b9813063aedca417f4ece185cba5b4d2b76e25a594a6dc8d566094dbabbec0a7e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
301KB

MD5
ea4827af369efb6fb478b2b86fefee8d

SHA1
1ef035206c4ef3135362945d07ac12bcc64c72d3

SHA256
ba42f542ddb3520c21c0d29b37a58a7dcdb2f7a6021d02b74d2447995ac96013

SHA512
a551713817fa2a30bbcfbd9a79f5449840f9c6f48ccc5d2640c29ce7123f3942ba41252ce77a09b09af4c6b8143b97535f0ce732d2ac67084fc998d39a9640c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
f573a282afa8022784b4aa47d6a114f0

SHA1
ff69afc40c13e5322aa8600c859fe6cd3148d416

SHA256
56719c37c897052e58514455bc5ea5e3c7308a7d700bd8a6a244833562f04bb5

SHA512
fff29df98ab31e7ea9223a1b036b272d90d2a013f64e762bec131e0082bfbd3dea32d9030e2dd8b7edfc84df01a9156c4bbf3629e86936d62d815ad4217872a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58172d.TMP

Filesize
86KB

MD5
693529ced8a240ecc68690667a9c594f

SHA1
9e34b1cde51ced118eb20cf2259ccafe5cfd47e8

SHA256
805eb68a816f0ffa243431376ffe86e5d31475c3c171f4025ce87d0b96cf1199

SHA512
bf5a9c4ae8b478435f218121882f5e299731e32246c4a7be620edc56ab85d71a02eef1d050761a0c5f06d4d51fb7795d0365acf79505c734965b4ef39e3ecb0b

Download Submit