59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0

Analysis

max time kernel
149s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
16/06/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
Size

1.1MB
MD5

1fbd1e7c3fa11e704f202677669931f5
SHA1

71b4418afc920cb3d9c4222a475e1225bd308578
SHA256

59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0
SHA512

ec40acb37a4730931d72b2a0fcc150086973ab3de43a2fae35125a5a48fb5dd7bc34fc9f2a3fa233f46d5a36c66153bf91e73356201c4ef032312869d2fea3b4
SSDEEP

24576:bqDEvCTbMWu7rQYlBQcBiT6rprG8aue2+b+HdiJUX:bTvC/MTQYxsWR7aue2+b+HoJU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630251778182070"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{F92821D2-2B95-49D8-8B7C-F5662731A66F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
1028	chrome.exe
1028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
3080	chrome.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 3080	1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe	80
PID 1312 wrote to memory of 3080	1312	59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe	80
PID 3080 wrote to memory of 4420	3080	chrome.exe	83
PID 3080 wrote to memory of 4420	3080	chrome.exe	83
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 4400	3080	chrome.exe	85
PID 3080 wrote to memory of 3092	3080	chrome.exe	86
PID 3080 wrote to memory of 3092	3080	chrome.exe	86
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87
PID 3080 wrote to memory of 4752	3080	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe
"C:\Users\Admin\AppData\Local\Temp\59d9cfbab3447809ba3eb0109305dc10beb8331585c6ca2e03e4b23225f710f0.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2f3dab58,0x7ffa2f3dab68,0x7ffa2f3dab78
    3⤵
    PID:4420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:2
    3⤵
    PID:4400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    PID:3092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    PID:4752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:1
    3⤵
    PID:436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:1
    3⤵
    PID:4008
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:1
    3⤵
    PID:1308
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4244 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:1
    3⤵
    PID:4384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4500 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    PID:2436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:2340
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    PID:744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    PID:3472
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:8
    3⤵
    PID:488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1820,i,7780114667810704983,5957719667851814663,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1028

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
38b0fd835c6c1239448bf96bd753a4c9

SHA1
67aab11efcf708f31e2b7ac5e6794229cb8fa4b9

SHA256
4b42bcbbc3e546f7e95b355197320d5c75ccac924e5c9cd1b73df253a7873fbc

SHA512
8705cb7bc296e6af1df199fd4b780af07f4af8eba23ceaf98036f457e4ef85f9e6f35f6bdea627fc27ecf9764850de853405c3bbb63d1e87324593570c9598b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c68bc52623525cdd08cc05054e83abe9

SHA1
6e00bad1ea9621306e50504a026406dc887825e2

SHA256
23c922951cecf04467efd0181aa3eee5abac6e733951d0001a2e79ad2279ec28

SHA512
6b4ba92e912d5b189421448694a5838e57e977f3396b7365c3c69b6c18aa19a06c47fa44fefb0017d148679e863e9ed1f300592b3b6db6cc23889ad777a8aa86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4678094c47dd6912f05efba282089277

SHA1
6f001a42997436c780049065f39e736f69c5a64b

SHA256
1c8389010aaa7a6f50de859ff3ba6a5b6467a4a2744ae66b058062048442b180

SHA512
4642e33f3715883fcda3f2fb2f7c9ee4bf7d74cdce498b2186ed11fc2c79ec1b2014d4b06da1985d8883fec042c5a0a35685eca71c1c59d201035559c22de72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d4c398e1d8d1b84d4113847660d25d7f

SHA1
983062cb2209924365a109cb5b697063b854d649

SHA256
d036fd11a6b5ca60e1cf77301c02d9e22e95d0d42e6047e9cfe2a90a57193b23

SHA512
c555dc63aae0854a656aa94a4ced6bcb89a90ec118117f937e8586a050ab6c184d61677fe715ba6842f9909b6f53f4e6a23c5d36bc954356c5ab532a8bb1c48c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c54cd969595f51f7bdae66ad64f2c107

SHA1
c23a9cd765543e7864e7a7a3210fe784ec450c1e

SHA256
fabf196c142ab1f577d0fa92f56ea7261177dfae50ee3e4ce863f0acc4982edc

SHA512
e840d4fa25c27f0ed2d55fb0211f0d61120bcb294ff52ec9c07f554a25d864ee3b9cfedebfc4a9ed4c6f973330169bb114ddc6ea61d1fc8bddcc46e1c89d4d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e975e8339cd0d74e3f59bca33bac33f5

SHA1
1c59ea04188b8944b6118a62bb3e8bd121a8b395

SHA256
d0ae4fca3e88ecda3b0ab726933ca35c14a14971a79d2cc371946e613d1bda54

SHA512
2a83608468341d06e0143077631fef67aa6081fa0a05051c7511d9f40f05d50fe31b45907c976346540fe044025e59e36d6fe9f1762af5564e4cac864229c421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b181ac76ab3ee197ac03d37537d8740e

SHA1
7a9de873a8c636b9eeccc257adc07ad687940da5

SHA256
d8f85c479a64c28274f54fae861f1e592d4f03bfb99eb3f991f7d2f001a8c357

SHA512
6c7dc04ac0590fa6cc0a70f4035603fd5c8d423fac73294f34745bca73882288e88eeb1c780867b4146fbbc1aaba977f1cfe87862ce57ff65d5d6070c6fe587c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
873d7e1fdc0a423caeb024448d2f937f

SHA1
c898fcf5d39f6f58b0f288d36b7e8f028c0ded1e

SHA256
e579eb6aa3634c2d94d9ee0737577b072ecf15ecf1437bf40d4ea3313ac1e83a

SHA512
957492cb2a7877182d399fb5d90a7cf4677f53d2af0b9118d289230de1b360d743c7561f8f24a78300dae84c39b3a28bb2e7fbaea1006f2aabdc9c74b867941e

Download Submit