cff8074a81efaed1fd1001d4ed0494a9aaf7cb959485fde4f1bd048b3c0e2e9b

Analysis

max time kernel
1800s
max time network
1778s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
06/06/2024, 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download (9).png
Size

308B
MD5

63df8f04890a9bf0c0941a231ec56c22
SHA1

05b625f2b5b440ace4423a18b4a77595957cc43a
SHA256

cff8074a81efaed1fd1001d4ed0494a9aaf7cb959485fde4f1bd048b3c0e2e9b
SHA512

0a0aa708cf43d547cae6914f24f553277a6db86a9fbe1e01e4ac7120d95c96fc5197670564e32affd436d84a4b9976856a27f1307405df9c6b9b425cf71ebbbd

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621605134345352"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
3120	chrome.exe
3120	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe
Token: SeShutdownPrivilege	4780	chrome.exe
Token: SeCreatePagefilePrivilege	4780	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 1524	4780	chrome.exe	80
PID 4780 wrote to memory of 1524	4780	chrome.exe	80
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1156	4780	chrome.exe	81
PID 4780 wrote to memory of 1360	4780	chrome.exe	82
PID 4780 wrote to memory of 1360	4780	chrome.exe	82
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83
PID 4780 wrote to memory of 3312	4780	chrome.exe	83

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\download (9).png"
1⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffd06f9ab58,0x7ffd06f9ab68,0x7ffd06f9ab78
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5092 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4216 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4756 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4808 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4388 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4160 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4644 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1804,i,6156223737794813606,11897939199081839083,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b50aab2c6a2397fc83b208a65b59ccb8

SHA1
0c7551c414f12aff1e3a15607ad261e1da436237

SHA256
8cbcefc92b111a843025eab5cdc36d73f83cffff76d2500a18fe07885e75357c

SHA512
94d39a428ddb858e9125ab520ed9935b5b0981325fd6e4d9d9add70b3fbee0b021b64e1a4c1113c391f4a051abbc8cef1ace3aeaca8d9ae500b8830ffd280fec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
df859a518bb252563c94b18de3d7f62e

SHA1
65f73c16a11ff79ed902126b5c2c0b51b7aebc37

SHA256
0b74f3529b4fc35be9ec1e97254e9a8a6cf1062ec05cf25fbb51102f164b9dba

SHA512
90d8dfc0c58b51aeda95ae6dbfd412ec23528965beb09c9f2db973efa9c662e3d628222e049ae8b35854e2f9fad7e1fe695542e15a493374b93620c7a0712d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
878c2268cec10a86f94a9b652f2cfb9f

SHA1
605983b1ca65126f5970abc5afc04a40be272476

SHA256
63bf90bd10500813b574a497c52193b71d1c682dfe0fa03f04a010f399740817

SHA512
241d17381fa8f312e6716cb4874236b5252ae34f6300be20a3800e095e14d91f966e20eb3574d2d6f2b20fa96fab3b3136ae66158142d019a8d2efaec924f731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
dcb1ff2f881c6484a0cd05904e4ab798

SHA1
73507aee173c463bd45ace6225552fe403a293ec

SHA256
6caf581b3e50d8d3689118a328604ee4023455a52a8fe8e06bd5c14249eabd7c

SHA512
9c580d7bbc1cf3f4de8c9c9726d9e8a2e9940392f014c17525686f7524d4e764f99258a547b604e91a6d33f1be92ca98ea87656f13da0e6216035ca97847e42e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
d237bd8405b5d44881ef3f814a1cc738

SHA1
214bd1115eaf6a78e6218cc7b0527df37cb41bd8

SHA256
2cb5a968d9c4d1139d087098bc5f28d38d0c4284d6589b176d3b10d17dbea251

SHA512
230b69d63bafff1c1112cbf417b2a6f2bbc1e3cf465a93acf44ed5a0848335458d505bd92cea5ef9ca31d93fdb1a62b8ecff72d9b13146c51f31701c4a907e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
85deda739f11403c597f219f7b2e496b

SHA1
f05915650ff63d7a4341dfb074030aad427e155c

SHA256
0ab4c7f44f3ae124cbfe4f88c346cec1eb44be11d8fc419a5f0fa884bdb347a9

SHA512
45568113c0c20ede7272560cebef12efa72f5ee9440d6d7cb64eb27fa8f1be3b198067f9740d0dfa75699ed58d447da62a2321e1ad817a95f139c25605672209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68bd934b05df1fcda6474b1293fbc385

SHA1
450fba70c4ed836e7395b58d68f8c8cdd5dd992b

SHA256
621dc5c92f2b1f730d7899f932348183f9a4d653a675d583bbc18ccc19c41644

SHA512
c21f88b7de27a88c79c4cf8f3104c89f00c7d23d9b4ab23e21ecaa05ec4b51f3ae32cfa9a3731fbd438ef80038407e65d20d4d49db39fba4e3c9f4150771c6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0ce7030f60d6a6a80eea4e0e05f63803

SHA1
c4a1ba6058e510404732e50fe696e29108f6f2e7

SHA256
c83f0c9aff86d3e31d6442235c1b5be960c8ee61bc52f38f0b403d7ab326b0ba

SHA512
c066be4bc6b453cdd5bdbaa4b4b3abcdd66e89d088a0870d8d184a0712a21518e6a7a529983a04aced99daa8b3cebd0ae35ef9ba08c5ad931296920c58228439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3d289bb51ac45c519ff3075adb186f41

SHA1
9d6150ac415c95ad8b70ee2a9ae611c65529ae25

SHA256
28f12ed92381129554a65021c86d6813138c6cdb122069154690501b7365b877

SHA512
f025e13d76f49a0ace98330db3dc07cf76e16b62e0977e56caf755d81f7412a0b149b3beefd3f58eb81aad782b2a87314938e320c96de8492123847ae92e11e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58557e.TMP

Filesize
120B

MD5
d247b9673e7c72c013c63a2ee8f1f435

SHA1
a40c22745999dfe1096a0b2493add0a058aedb20

SHA256
6c817c16d2d2fb38523817b3ce43c54ae6cbf715d1788378e8cdb817b489cec2

SHA512
7f0fcbb1f25dd2370ad53c40510c50a6206bafddb50848f23e34439ace0d690f1c1479f1ade9e576012073e1cb775f5d2386f6214608cd47bbf45d198aa1c325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
62d5275fd73306d1619bcf5d18bf9556

SHA1
6af8ebf866ca9639db05742cd5f5ded66f0a2919

SHA256
5a1d41a6e2267403f0aa4595c49018583ee3ad3d93c715164a672fdf946e02c6

SHA512
3cf67d67699cd053d8f14486fd46b346292407528ebae4ee91e5b0cb516c1509186e5c9682670dd71f33e701417c462047f53b60940e7d39188cb985e3f03081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
30d3c1d4bd7cded1a2902f2066f716bb

SHA1
c66bac6024520c1307868bd7bc4a4d1d1b8a1955

SHA256
7fa9589eff1a6ba3ebaf67f778b5abd5e2613aabfd22863bc2f8c3316e8a4201

SHA512
e4883054ab168e9ecfa381cac953be7bfa3410273ec40765c5c8bdd4e5fd821c38895ae261bf1fdb8e1dc44d7a4cb735c87fac97713f086a130e49bfebb7ad29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c270.TMP

Filesize
83KB

MD5
20253edfab52c49ab44fc90e6e17b659

SHA1
6c7b6a342693b05a4b80fb651e4daf240fc43643

SHA256
7c6b9f0d08593cda4aded54a17ccd4dd39e6262eccf90a63796dde132c37e683

SHA512
09eb13985c9197c06be81a2623b056d108b5131161a614d42c0857f20f5dd4235cf890d2a9c2b46385f5a0e6ca772579ad2941b37d79878ecf8a288c53708165

Download Submit