2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
Size

1.1MB
MD5

0bdc931dfbf405332ba87054d9096a2e
SHA1

1ecc8bb8d214b720247664d0393aa8ec10a23703
SHA256

2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6
SHA512

06d5e10900fd959c14f0cf8eeaae30cdb9d8b95894dfa0109b2dc22e416ac9bc62af6389b03b5c087827a9ce064f28996984f0e8a12b2cfd0f3e80d28422044c
SSDEEP

24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8ar42+b+HdiJUK:WTvC/MTQYxsWR7ar42+b+HoJU

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\Control Panel\International\Geo\Nation	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722186435589394"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 4724	3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe	85
PID 3020 wrote to memory of 4724	3020	2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe	85
PID 4724 wrote to memory of 4764	4724	chrome.exe	88
PID 4724 wrote to memory of 4764	4724	chrome.exe	88
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 2944	4724	chrome.exe	90
PID 4724 wrote to memory of 1452	4724	chrome.exe	91
PID 4724 wrote to memory of 1452	4724	chrome.exe	91
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92
PID 4724 wrote to memory of 4976	4724	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe
"C:\Users\Admin\AppData\Local\Temp\2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8c1fccc40,0x7ff8c1fccc4c,0x7ff8c1fccc58
    3⤵
    PID:4764
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2000 /prefetch:2
    3⤵
    PID:2944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2036 /prefetch:3
    3⤵
    PID:1452
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2300 /prefetch:8
    3⤵
    PID:4976
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3160 /prefetch:1
    3⤵
    PID:4608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:700
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4744 /prefetch:8
    3⤵
    PID:616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4760 /prefetch:8
    3⤵
    PID:2284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4376 /prefetch:8
    3⤵
    PID:3268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4736 /prefetch:8
    3⤵
    PID:3640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4636,i,18346460550217507345,9344059132426789937,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=4920 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1652

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8a4771f5-96f9-4645-a634-14d7e9b40300.tmp

Filesize
225KB

MD5
9103a5e7a2b3518237389dbba3899876

SHA1
e273509708074e01e5650e4332e06e377f4e1a49

SHA256
a28fcc907627ec8f971382ca9a1e6b0b5cbeee03aefab73f2bcd99278acb34ae

SHA512
dc1afbe4e63167764e268b77f7fb586d133f4fbca32ee34490d7d899e7d7b75d12273f94f3c34789ab6b8d131920253b6ad0b54b68d5ab031c03e96ab8b4b47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
97196b4c9f97161c8fe32a98acab7b56

SHA1
bc0732b278e4907059724664d718ef3e9750a507

SHA256
8ef484137d9a508759f1dbca30f2c31ea76f639da9aaaef6fa0760da3a97b94c

SHA512
093d9fca623f9c3fd72896eae2b51b27c99a11185d16850cfb7f759239fe4c8add79a61fcda1eea4fe00e084318debf6c141e89205cc288ab4913869aae9590f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
cb4fb0dd7f0ba0362a23eed8bf03af20

SHA1
2fa2997bb9e0507d9df33c94ec096de09420323b

SHA256
92a9f68f6360e4dc5f39e733a23e27c846872b57edfba29aab5e11eb98c5598f

SHA512
6beef904edac883df8e89ceafa6e7c8108a6d45bee9ab6bb37749168bf47c736bf7048742189480b3adeab97a21715eaa55eff0e276f3384b14365b25493d99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
581f7514ce661ac0b839202b96e0083e

SHA1
4b96a455b7bb2583ed6b48ffad9802e5fd612df5

SHA256
e7ff17ca1b688d5404ac8da9edbfd9aa9b7633d9021b85a9cb167c99a2ce6e82

SHA512
77757351216b65e75ff9b62a805e7f8dd5ede24b64104d68a517e0704f5f6d3ab00084e40bca7dbdf84ec5f9fd0ca8f6ee786030e01125d4c69b8597a55f605d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
32cfbefdc5c4ff783e3ec4db67d75404

SHA1
81bd1ddb3e0ad0c28f2c27cfc290a079ad65fdad

SHA256
5a7f91ca481480f97de1253bc3342977b41473492f0a4c2bd9e458ec8e90649f

SHA512
2cc086b719a393f605cff4d81badef1eae013de5d29112a861808b6e5f07091393e6613b89bb9acb628fd99e7e61ca1cb2c14d96d0f9f094659392dd16d59e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
bf86a62484767c8b8c6efed1af3d627d

SHA1
3745c1a83f02a03a2367fa80eb7b8510f7e5d7e8

SHA256
eef6198974d60a324b3bbf9dd418428338832525636835e5dc5bb3c57eb4887a

SHA512
af294919497cdb1df9a5bc9e93683cb75d462e05ecbcb4c2c902f795821bf38ddaa5432c50ca6de2ed89546f7737c7e9c6e597d99be0ec06a0d993db15f393dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49c195349c38e105e16b875205a0c303

SHA1
bbfd10da3e2b9f39c1f28de778520566f059f74f

SHA256
a6c3e7479a3bd4307f75b80561bf3d6b979793ce85ae1d35ef8a3836a181e140

SHA512
a97a30c408d1bc6723a76d718e4d4dc19f5d093a14b9d08fef0c179506fb0121bb00aff24a0b0d313801d8c67f52b592b9734f7cdaff27d90c39271dab4e32d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2596f2624d3a66c8ba636194210ada60

SHA1
4655a3b4e757965ef8992f2430ddd4f4dca3837c

SHA256
0537ddfd43f823cb8566bb0d5f95554090e7fe5c69b401b1d2b43794fc806245

SHA512
b6e66637b29be907d558416a4e2eac3340efb56bfc37afd95428fc27676a36bce625868c7be9a03ae4b6377e6003cddae6741832516d06ce2e68d503da9646b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3b8a44597aabec6d2b1693cb90f0766

SHA1
d46a306ba8da22d959c1ff56cba2fc8b3ace8772

SHA256
9a87f609c1b68e9a8866b745cd536c02af7ca88647a117acc37115a0b39dfad3

SHA512
f96ce775689ca40e3c8831943ac622fe886f6b39426ed6f9d6729644279684846ec520b5f2921786097412f61bc1d6259090cfc212f05f7f143d7b4e26a739c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bbdc75dc417af1e649e76e92092f81d

SHA1
5d344432416f6337b63caf8e0833dd685e743df2

SHA256
cd4d579c5c2b51c565578d1cd50a387cf24e4399ca82241d5f2a9df19d4f057c

SHA512
04f5a1498a6ddaee229840a035cd43f70f01b8179f5ba7c120bfd5861313fa3b0ab38ecfbe4717c70389330813fdb7a1313f69e08354842df826d157a7a6f71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cb7b3a6dde0d931fb21ca90a28ec005

SHA1
8cd78d4b3d3352132247f6eff43185183fde9627

SHA256
b91f264b3c273d2eee962e19893005e5b5e118a8baf299091c40ba30465ee7ad

SHA512
07fb63197d1bd34cda68c27f4520923f0b27969d5e427e524e3abf683a4ee9f4008d768dbde2facab4ac5ef5f48f1a8b5f76c78918677b72454344dfece13ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3df40111d08ab954834ce6b9ce148eaf

SHA1
b92e75dc3f9736154a847cfdc7279d1e6c96e993

SHA256
a01852cd4c2f837cec45d5ea142782a8b54b03255795cfd32a0781ad02e632ff

SHA512
981288ca8f14650d968e4dd35b0d69d7165e3faa76637eb683f7f1717060d7d0e104a8c3c3c64b7d09265320d93b7012d89dd3244a084d00a081087973b55074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
e7b2d71afd6afbaa8bd0e2d71320634b

SHA1
95ba7a7a86df0ed22b262acbfc912abb34cc61fa

SHA256
d4a3689bae6f232392f6c4be0f9c4d507b6ab0073e2297fe4048ab5b11e1d173

SHA512
374ae9d32e013de4fc6ffd13c275f3df5a26810a145a17c7fd1a54e09c2c31c3eb1c797de24fa7736b683478544cd5bc4c4f9cab49c7a1ddfe6765f5363d46e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
5ae2854f6725d2c8b4ff5459d97e3462

SHA1
f980b3529a7c43b7f9ecb9f3394aeb32ff008103

SHA256
6550fb5278d17ba9138388775667f4b5cdcf98509043268ef1bb5219db1702c4

SHA512
5e727b22dec233b53804afb723faca9ade3b754be4dd118f6e700ad2a652b3b14405d0afa09f83dc84b01a5aec09e9d32df9a1017cd80501b8e46eaa1a932622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
0877ceb604e7e07540e92a6411bae88c

SHA1
c4d7f8ec76e17e856627fdb978c07c0440a6efd8

SHA256
598718781e4a340145ffb25ef919031e628acf78f512e76252d033c6c893eb69

SHA512
9e95124e83687c2e27b1ffc515aa06906beca5b739ff0aacc4bb25b9757a701abfa36605f1fa9afe66609528c09dd8b929f5632a54701eb1ac287dbe2fb6b760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
acc46a88403d56354d9b03d5d175e5fc

SHA1
868f000198b434f4d8eb2ddedf793dc9d7f271c2

SHA256
7d7991d858d33945c245103d06b62a8a6139694fe4924b6bac9f02b54591784f

SHA512
332aa81420349b7c23bb613b01fa0d7c485dc5f2e832c3c194b14ca623c0af1ba95240cb9a8fe6022546b6acbbd39bc0fe07aecde089adbd0c062172402182d8

Download Submit