61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 21:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
Size

1.1MB
MD5

cc9b6d36ea2bd502756d0423ca2cb13b
SHA1

274a9b6ec3835dc06c5349a9a9f8333292934dab
SHA256

61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2
SHA512

eafaef046439b84552d25a17cd0f94331fa7be1d93d11b2ebd33c82ec36d391624ed582154ed3f7d1c2283c74dcecdac8c105cad491d15a686518089c3313ae0
SSDEEP

24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aSv2+b+HdiJUX:4TvC/MTQYxsWR7aSv2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623558616386506"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{FEE55C89-771F-4A29-85EA-EF31EC5D0D9C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4796	chrome.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 4796	4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe	85
PID 4508 wrote to memory of 4796	4508	61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe	85
PID 4796 wrote to memory of 2496	4796	chrome.exe	87
PID 4796 wrote to memory of 2496	4796	chrome.exe	87
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 1784	4796	chrome.exe	88
PID 4796 wrote to memory of 4992	4796	chrome.exe	89
PID 4796 wrote to memory of 4992	4796	chrome.exe	89
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90
PID 4796 wrote to memory of 1540	4796	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe
"C:\Users\Admin\AppData\Local\Temp\61e89c58ca7bb7a4debe0ff7bbff134adfe228cc1bf28b5a685e862096e70ab2.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd23d0ab58,0x7ffd23d0ab68,0x7ffd23d0ab78
    3⤵
    PID:2496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:2
    3⤵
    PID:1784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    PID:4992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    PID:1540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:1
    3⤵
    PID:2080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:1
    3⤵
    PID:2816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4036 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:1
    3⤵
    PID:232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4632 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    PID:672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:3312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    PID:2188
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    PID:5084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:8
    3⤵
    PID:3952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1852,i,10744965251494667348,15535649242651923506,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
992aa2498b32920fdbc72217ae8a32f2

SHA1
0da1845003366508563f7fb6a6ec39321a06c50b

SHA256
293658722b1f7d406f4c63e63c2bad8a4afec5d4395031b4643f02be4d719a0c

SHA512
45953a806cbe3155bc066c226c4c3196e68e27a0a786d1b59c553b7f10305ab16de5db3e6b2ee9d52a2ad4d775d7c6b0faaf82a3cb6c73cf36b7c7143fd842bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
88f880531d638e81b3aee0a2609af66f

SHA1
e08582eec5f964a686d013378ccbdb96a1f16049

SHA256
203ee0bc60a22e1f603b1c6f78c00a9ad2884250405fb1f64184dc001c10e675

SHA512
096b4c4e721d59e7f54f8026422d89e83630a50baf7d42b4ac1b872a929aabb31fc690c4e62fb39b880183af27ba4fc7ed944e40cd603a135b0de950722e26ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
15f700dc401c35503be848cf812dc146

SHA1
bd9442e5c5e9d3bf39093234c12fa68650d40f57

SHA256
7a3315627e4d8331cdb0195d2654bbd1beba660f970024a892b1ca57b4ba342d

SHA512
dcc656a3d6b0bf065d73130b2e7ae8b7ac0dd9d6f9681c0a817e7df76d4021d96a5e2d45bd925df1ccae2b7db7ef01e34f3965e09dc24503b146f3a534d862da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c91e3a67da5c782304d7ed3cec0dd69d

SHA1
dcb02220abb08bfd34534cf4c07457bad6601726

SHA256
a7d8eeb919ebbd351344ff3b7a3805afb8ca7af79bfb092f182c8fa4a0b73961

SHA512
fbce04618c60611866bb8a12b5b3afde889bfff6b7290e4b68d3ce4db36faf1970a9c5a208b3bfa3dec55ef4488503d918faed8f401516f7db34722f69f2e272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5f740af7e453c41b22cabde07320def1

SHA1
9cb45f24081a5d00c454cbb77190500487a9cd16

SHA256
7a121bc9f57f7f33898dfe6e1a9ffc62dbdb0e3d5c77573434ae0488a19fb359

SHA512
1ee3800f0ee157331c56c596f473716b9cc22025c9d1766f57540bd55a692b7df8b06bd5e6c7613a93ea617440abd61be751bd79892fcd99a3db804403f96acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a70c4e77e0a52837cd385a771ec4964d

SHA1
548461ab578b700274df2d46f83fce7db0961a86

SHA256
774cb0a1f869bf7795ffdf22f9739e5c24255c37f0dba0885a4a426887249ab7

SHA512
5e4668a5d3af7b84267aedb053a821ec702ca7dfd462d4fb47e4fffa37fbe5a726b0a90eef7722d0ae852bd8eb41c1e61ac0d707eb9671673bcca2b74e197397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
350aa742a31b78d327fb2edcde369ae4

SHA1
a5c17de839d84a64f35a3939406b9a2abdc713a5

SHA256
323c4f00086fc9a991c9f2ec4637470f976f6f05d7fe4378424e17e8dc59fd4c

SHA512
3ab0b7f7913a13381ac9900f80500f9892e1ede5a028072adff0444eddbe3c231b6252c7093ab8223bbe0f7600a69a8de7d2f5758e168235303394041be322b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d81559cc432fed8f38863eed167a8a4c

SHA1
7c394b89b2b85ff34a4995dc110666dd654f3e1a

SHA256
c3c753fcc43dd4e280e5e7386a7fe7d5a14f5c3cabca16a1f3a2cec5d823dba7

SHA512
025e0d590e32a1d3820717384d1a50ed38a166c0196b005decf20fef3d029fabb53dd154e7e602aa2341195f72a69f010a109460ecdea6922929160bcf5d7c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a7b670678c0398385715d4765aa8c514

SHA1
39d86135bd95f4f1e9c845961ad909843dfd0ceb

SHA256
8aabbafd6e58015cfe8430d29795e171e07fa4b3f09b78c33e01be18511d4305

SHA512
b7127bfb3b267cdb321780313dd76c3d969732866d13c587d9a38ee355003189e0a72de0bd565c0d56d422e66ecee02f7e4e4ac065f0bd8b6c2940f4b8a958d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
3f2e9bdf865b2205947139213479694c

SHA1
014429cf572534e6d1ec19445110d23d06f2814d

SHA256
dde939994dd5b7f39181ee178ca65276d87f9e5d7b3717ebbcd7c7709bcc8116

SHA512
bd8802d4779c38320ea9ceb3ecbf10dcdd1f856b07635208281b5a94cb3ecf1fe5c2d0e1831704bfbf4e6751a68cb2f4797a45a57aafaec1ddd0e3d520eca732

Download Submit