698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10-06-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
Size

1.1MB
MD5

2713b2e2dca103b7b9c10c9850257f49
SHA1

9d8f41324c20c47759a8961bb4a704acc449a1e0
SHA256

698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf
SHA512

1df4520f6aaa6507b547e7cef681699f7fa01490a313db1886304f82acbf39d7a3e8fbd452792844174e4adfd752349a115de014a4c7cb1b5b5528109d323fae
SSDEEP

24576:dqDEvCTbMWu7rQYlBQcBiT6rprG8aEX2+b+HdiJUO:dTvC/MTQYxsWR7aEX2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133625012355090786"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3062789476-783164490-2318012559-1000\{5F0F404C-A652-4108-A148-AE10B94884CA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe
3088	chrome.exe
3088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe
Token: SeShutdownPrivilege	2908	chrome.exe
Token: SeCreatePagefilePrivilege	2908	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
2908	chrome.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
2908	chrome.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
2908	chrome.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 2908	3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe	76
PID 3568 wrote to memory of 2908	3568	698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe	76
PID 2908 wrote to memory of 4144	2908	chrome.exe	79
PID 2908 wrote to memory of 4144	2908	chrome.exe	79
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4556	2908	chrome.exe	80
PID 2908 wrote to memory of 4196	2908	chrome.exe	81
PID 2908 wrote to memory of 4196	2908	chrome.exe	81
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82
PID 2908 wrote to memory of 1440	2908	chrome.exe	82

C:\Users\Admin\AppData\Local\Temp\698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe
"C:\Users\Admin\AppData\Local\Temp\698bffa6a2cc0f4a7d7cb499c12d52e69034067dd85ce5ab462098516a43b4cf.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc502cab58,0x7ffc502cab68,0x7ffc502cab78
    3⤵
    PID:4144
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:2
    3⤵
    PID:4556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    PID:4196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    PID:1440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:1
    3⤵
    PID:3652
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:1
    3⤵
    PID:1444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3460 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3108 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:1
    3⤵
    PID:3668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4420 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    PID:4636
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    PID:3224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    PID:560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:8
    3⤵
    PID:1788
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 --field-trial-handle=1828,i,12981066501596596987,6928911238423985786,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3088

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
0af3490b47bb57c1f471c4958786bb66

SHA1
b7534a2302ef5ca0d18c181de631396640045915

SHA256
240b814cbee1926541b18e2b25705c7b4719082001e7b8863a723f45b5c8d508

SHA512
e4614e1b9dd76b938af98e7022a58583182fa947b12d26f8ac5569b6822525f76adccd0cfdf9c830b70dec0313447e2fa8e1316c1242d3ad171c73cc7346ba78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6ff49101-bbd2-440d-b4c7-732f92f69a67.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f91e98bea1df7b8fce3c8f73f6290368

SHA1
13bf92127f486f03b31e09c0e88b8812f2e18c23

SHA256
c7e3a62bdfa0e5a7bb7dd0824e40d44ece8617b9316512167994655ae6330f71

SHA512
c5ecd28e14d01c21807c9c6aaff00d0702006c9086480819cf4ac41a7bfa06f7188606cd30e10f89bfa9d380b5ae76e04db426374b38366de677220821e3ad13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d566057d613cd02db7202c4e5e263e8d

SHA1
1d5d6ca9927589ff6b64e39556feba6cb0e7628c

SHA256
4b4936b3591f4bd943c72f01e2437f2a655788b0b144fc275b7e16a43bb72964

SHA512
7b7cbd78b61ba14981e1a690892c006b566cd10eb3251e2b6eb476fe62885e2a4991e3419466ec646655b2756f3c0e3c381b2137bc53d7f4f0b5014a39b93f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
8a62f71d7e62506e8e85d31decfb01e9

SHA1
9cb47064ef00fb51354b733f7634ec7970159e2d

SHA256
200e6b4f364700ea2525af9477e55fe8b98f32e9eed216a3257a9c92f3c87ef2

SHA512
43e963c14722ab052dc541f58e4cd39fff88fbf67aa672308053b727510c5d5321719d1f688450490f66eff0d606927f50b9691f5c982095d2818b37ae0452a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
5f9718d9c0559efd7db53fad5f398b11

SHA1
afc64b2819c2fbfb1efad3dcd9ab499b9f24d0fe

SHA256
c8d4aeda5298016fd8bc4ee7352d198cd03f5c0c98cc9f8fe54a469365303d17

SHA512
d2edca99a5978044ba11df794d240d58e64399a1d345201522f80ae8cbd22ed1b02d664e24191a61c83c1204a99b5ba8d487c16705048530b862b1faab1d703e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1f5de1099261f493ad8ec70349f2b866

SHA1
cf78242e40f0337b2a4ce6c717d65966527a3033

SHA256
f235bb521b5ff0efe2e9302caf783154e9a1fea89ce3a1ba06dfc0d83ae4a799

SHA512
f3a06a5e55b7f229b6232134cc85f4c804590e294f87c4a291cac548952815026e8e782f4e8d707009732a917f0c4a43b57c7d6689d1309d1d511e638cddceee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2b3de5d15e59e3ff0f8159afd2700423

SHA1
43a3a3b528045b771bddb45f1c8ef30bf0bf7dca

SHA256
a5c19fcc2fe70f145fa706f2337d1b8ee3cb8189a1c2eb3860e1317f0e967040

SHA512
a016ce192a816d89d9711e72fbc9a5572fc1abf137ab730e105cfa1a8fa44d189e1dab59ffe65e1336b156d166f3bd114e91cad518ee01ba8d880407a2a49022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
0a40bada0c7b7725406d02639c86ed1d

SHA1
f562bf0219c358299e0c183dd069527adda6fe34

SHA256
14e6723908cdeebc4381b0af72aa17a6757648a8fdbc56589f30c890ad2ca4c8

SHA512
4dcbfce2cc9782a745d82176ede9945169d06ac8a43543be96d7628c139942b860793efca3a9070bdbf9c50fc0b86ef1437e3e96b91059f6e545bcd3fb5a9a4b

Download Submit