6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
Size

1.1MB
MD5

df3346d4565d02d2a185987cf80f943c
SHA1

09543a898c923676536530f3299c04b7f9b6537d
SHA256

6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb
SHA512

390328a2237e68e7217b0fccdbb4c100c42b85948f0a078fd90fb70bc2dbad7799229409a4294a5912a0c0c672c4847049a4ccb09fe44c1659214cf2ea8f26e9
SSDEEP

24576:jqDEvCTbMWu7rQYlBQcBiT6rprG8aur2+b+HdiJUX:jTvC/MTQYxsWR7aur2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630432508155345"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{2E545130-E1C9-4652-955A-5AB60FC9E388}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3216	chrome.exe
3216	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
3216	chrome.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 3216	1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe	82
PID 1984 wrote to memory of 3216	1984	6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe	82
PID 3216 wrote to memory of 4728	3216	chrome.exe	84
PID 3216 wrote to memory of 4728	3216	chrome.exe	84
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 2880	3216	chrome.exe	87
PID 3216 wrote to memory of 4888	3216	chrome.exe	88
PID 3216 wrote to memory of 4888	3216	chrome.exe	88
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89
PID 3216 wrote to memory of 3756	3216	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe
"C:\Users\Admin\AppData\Local\Temp\6170f52827dd688315b1ee43bc03c7b84d833e1bec8d7fb71aa9a124b2cf01eb.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7b6cab58,0x7ffd7b6cab68,0x7ffd7b6cab78
    3⤵
    PID:4728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:2
    3⤵
    PID:2880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    PID:3756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:1
    3⤵
    PID:1960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:1
    3⤵
    PID:3504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:1
    3⤵
    PID:640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3404 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:1
    3⤵
    PID:2420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3376 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    PID:3888
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    PID:2640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    PID:4656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:8
    3⤵
    PID:4264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2588 --field-trial-handle=1916,i,16780351753684737071,13825224444399608155,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3936

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
dfde0d1aa5147652294dea23aa85a942

SHA1
5a4724908e2590fbcedb77d9fc3693e364027ccb

SHA256
5ccc1c380273a497517c9dc88500abf2b06da951e8bbcff823821e58d1d77b67

SHA512
0559cdde59bc3d36049f8dcacc4518633011ad295e25eee4d21a3705f8b3b23da0b1d933b0022c5fe225a801af204d6a2d60df99ff8b8399666c167d795101d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c5b091920cc9fdde67ebaf76d4b7aea3

SHA1
18db143a883a381b661a466a62226e03f02f3525

SHA256
051473d6c32eec18edc270e6b44846995cb12a344303924be7a504340bc46f9d

SHA512
3ff2c800e35be637bf14a77105e380af73a003fbe6c1590dcded539e83c532b5d0a01083acb15f715f6f182c2925593d4f5f4d567c821dc61ad65e88505a82eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a9e11a23597a3c85232d4f9e65c56485

SHA1
7a8030f37ac9d65a3612de0fa1b38ee597c0c8eb

SHA256
7eb900e37f449c5b518f13bb692400c46e78534baae05881cdc105a86401e3d1

SHA512
97dc19af61e63a4f0cf3291567f30be3d28e51119885b28a81ee69d23efed8c6a82608e50dda57e773c14585f79081c861fcc39c9319d369a54f38018298a879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
593d3593a3a20ca5094fbbbae8a770ea

SHA1
62f09a8be9270701fc5620e8c899a4abd22dc3c8

SHA256
665284c97ef6905961d48f24a007618a4886f4d20c8652ec9db66ec9705af287

SHA512
3e05865aaa7203a4e7a87ebf1bb73292d5da912c3e9f5fdb11632a57d1a6dc5d1ed85de1869585afe5ff1527e09173614b0722999eea1ab954264c32dd483485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
86234ca0a0052a88fbcc243202c501b5

SHA1
14b81faea283e2e60fd1e95e0a52182799929ecf

SHA256
7bd004eca1d74562b26a5e698786ec91933b26e70a53430f865dc4df5dce5c87

SHA512
2f7b736f0d58682236e6f4e6a1d73793fec497e27ef2148ac3a8cbd995a3be8036a57aac14736a029e031eafd999de8b05b404a45bc4b01be02839ec15bf562e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d476b3b71097ead2be7c663b62aa455

SHA1
26767333c51e2e483163fa1143d93b17d3f16e01

SHA256
50fb4d859807158fc29d7c2b3c53e4fcf88d75ba7179c26a25aaf38f38920576

SHA512
14e123372927c44ac225989fa13c43b25b495264b29d43ee470a16baf70b413fe18b338dbe110d8d7cab5c77ba757aa00b2145f3dfae9359b3edec16ca5a28e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b8ad4ff47b51d514a05cad31cf92f010

SHA1
33c055ccab2a4a2375777b4e62fc640c7c1c2808

SHA256
7d7719c72ad80474f8023a6286649c60f5c06e7363d1a81a3fd7f858a329061f

SHA512
5efd40e3eef812aee2bead79eeaa4166d6c66f1c5d6bd9b0cf032ed13dec3c1c5b4eeafaba7fde73d58116379fd8d0e688bee19d87d5736420623a3edbdabcd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
42f67c6e07afdb7210442e7369e62faf

SHA1
7ba5ee0b528d13549cda9a3da31d146ceccd6128

SHA256
928a60a05322bfdbe7479fff2a9150f4062ae4d431a0ffbdbf43b4fb5bbf684c

SHA512
1dfc66e481018242154c87c4b3b65eaa76b8c261474a681aa1c804cea59e248a4b86e02499348faf85e535860223c990ef35c2041f60829dba3c8757f8aca75f

Download Submit