430e2fe96bbd2fcb4368c66933130180ce2d2e1779a8acbc3bb9e2483698c717

Analysis

max time kernel
88s
max time network
90s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-10-2024 15:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Screenshot 2024-10-09 at 17.16.05.png
Size

1.8MB
MD5

2655a7064dbb44765d6ff2c8bae0dbd0
SHA1

2b63da1f66feb02ed31d44237d1a6eb1c8f14b7d
SHA256

430e2fe96bbd2fcb4368c66933130180ce2d2e1779a8acbc3bb9e2483698c717
SHA512

cbe4e1cd829ab028147c7f273b3fece3b5404e9f2d9b8511fcbc2d9719baf7d656f1340aa840c4fda07e0bdf9dfb10d4911d35f3d30e8a6a9d63d2798c339c56
SSDEEP

49152:l8hn4rUkPlsFOCbZQgg7lHJm1sdHdce2g8CJFhZxMjQRVTwUvlBUTu:lskPlsMCbhg7zMoHF2g8C5RVTwUDUTu

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733077668866618"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "186"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1028	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2188	1996	chrome.exe	85
PID 1996 wrote to memory of 2188	1996	chrome.exe	85
PID 4892 wrote to memory of 2568	4892	chrome.exe	87
PID 4892 wrote to memory of 2568	4892	chrome.exe	87
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 2404	1996	chrome.exe	88
PID 1996 wrote to memory of 1652	1996	chrome.exe	89
PID 1996 wrote to memory of 1652	1996	chrome.exe	89
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90
PID 1996 wrote to memory of 4172	1996	chrome.exe	90

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-10-09 at 17.16.05.png"
1⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff83afdcc40,0x7ff83afdcc4c,0x7ff83afdcc58
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4508,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4356,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4928,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4684,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4736,i,1422542681130005671,2017955915292943489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83afdcc40,0x7ff83afdcc4c,0x7ff83afdcc58
  2⤵
  PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83afdcc40,0x7ff83afdcc4c,0x7ff83afdcc58
  2⤵
  PID:3076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3692

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a1d855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2d6ad887d6f7cacf70a0be38f3d13b9d

SHA1
eaf80beca7cc5f330b0380d968ee0f00393e674f

SHA256
d5265f99818094497cc66af1a6749e8ee14ac5efd2716c7e47206184383011ee

SHA512
4f87495446d2068c831dee42bcfc868710e8c36c5cb20386d95e86a30c7a2d23df7ac57aa1cf021b5b059e26d29de12f17548aff43684aa79ece096f4f6c6e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\93f9fc32-ff6f-431a-8587-9fea1ce3ae24.tmp

Filesize
9KB

MD5
f302694d26feb6a0b7ac5debe6e1916e

SHA1
b684644125d701121ad00e300079a36a2376ba28

SHA256
d826df6eda4f6b2f0e5a4e1e2d84334d23032cac65e27e3d0a905e9ccea1720b

SHA512
a36ab2f68edd78de96f564442281fe349fb6c840911a4e6dbaa2b488779b941fb15e7d37633710e25c5badea2f58b0a9636040d873ad58cb4392e3ef92d3fb2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8a965f2454d56d54ebf4e1b415bd7473

SHA1
9271f7c886d5c7abb3599580d1731e7704458752

SHA256
f17244b6d604daf8e4983963ef66db2e4a5d6247a350fb7666b279569f34fc23

SHA512
dab1fc8b5117a24cdfc5c8e781b2d25da9387ba24c9c639cfe3036fcf64f4a30d0c1c75884303e592f5d19f0fb5c7c63345936a2e6f70b792421d270aa53f922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b3ee681ab4febf8bcdbbdc2a0cda3128

SHA1
0c77b6ae1d0b0a53fba494db1576e9a6415afb57

SHA256
d5f193a848ce36285f2c88d045574340becb8aea52936425e2e5f909f1462777

SHA512
74641433cc2aa89b71a4bd0ec52f383252b15fa2e9de379fb3f629241a9ab3d6667b525c85d1dbcaf5c75f9ec00085df8c070eced854753d037257271368b93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
27377d7505251049c918b1d4f160ba21

SHA1
1802a907db838275bb387efa5d56ad3c50cf8d2d

SHA256
ca29e73e6a9023602d1809c01087c074228f702b4474b69f6c0913bfaeb106f8

SHA512
888f118c0b3e81ea07fc58a2a2f90df5d2cda4eac4f7125b3a38c8f4f24a3c2ff8e7435b1f19f975c673a6c4cd4d4a40d4fd4b02094e37b8f067697f0661264b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6aba9daa5745a199e12c32e71a4bd7ab

SHA1
b51f348ce479afdaa942bfbfd8bd5aaeba59c334

SHA256
41e379584d4026fcffce4ed8fa53c8d784fe1f760192110abf644f9ab356bfb9

SHA512
b1aaa3ac4c3d2fdd80cf1ac2e00228f20bc94a33cfccde1d190259715fd4c97b7f791b84737942c2c5440b83eada7c5ae052fe1979c7fb70b2bcf0bf0f0de1d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
6d18a6323e4d312f033c15403b18687a

SHA1
74695a26a934f2452fe47fbd40e1acf13d5cb004

SHA256
278980591868ae8b1af78413211c5d021f55e32b15726c717dc82e3ec4eee367

SHA512
9a056bad47d72105c0b4736f85090e08a942b00a24d0882367114cbd536cd1f3e09a6020063cda3903c5da3f2a3c03c4618633fb5ebba5cb03d3444d45ad2650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e8db14abc42fafac6c372f90fd8a8a89

SHA1
8460195c70ef47447e8a8d0e9b7e813d2fa15c3f

SHA256
3c5df8162bb6a5da348bf05e4bae69b3b09144da9da239ef01fc00024ada70bf

SHA512
4d1715b888f92e6dc8a82a3d5e448ce9379c7165d17fe48b3ca261bfd1b06ac005b74a5054e060cf74c86ed224669e149e177b54343e87cd823f510146b3f341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6871c5b3890137b5ff08393ea2a1619a

SHA1
3a20c3f12ea9e461855f290b9faafee7179a0218

SHA256
d00866ea976e5c7c1043efee7587ed17d1459ec7b01a81d244442672a3390a15

SHA512
d95bcbc677662ca18a357c5486fc34536b6b634aac7ca7ab42f6efde7089f704fec70c9eaf0c3360dc66af3c81483a174eb9240f8098b6595feb4dae521daf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
caebc2b0b37e68ae5b15a86f28dcc041

SHA1
a3610664c80efffe3de86b81e96fd629b19ba9ec

SHA256
1417008c72a4f174c5f0c0dabb14230c4fa0ad2aa6354c3ef71b706fe28ec8e7

SHA512
d7856ee566b811f384df23020da42d3abaa749c046af0eb50d720a2f46961fcd97504d7aa76bf9d252aa772d8514e783d05f29c92e705f65fb0eab76b9dccb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
848b08a2a95633887815383e50f7468f

SHA1
cc2051392631e59b0007258a01f194a4970b3b03

SHA256
ba9e98ce5efff12ba2329f3bb2a9db042ba9ddd3e68979281d0bdc355479bbcc

SHA512
cb737851c0b8503510c0c51bdbf761a64c5f9db644e6fd0fba829533050d22f3b3c6924ce1267c742e6f3a3148cf09751338a581b1c1ea7caf6d5f9b1b0d28b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
14e51879feb0d031986cb44d7502bc37

SHA1
44e1435fba4b47f2d242c3bef1de89a96a3c311f

SHA256
a51293d6dbd5c8d425cc01bfd8560e638b3981f11a662cd223cf61f00ebf7fdd

SHA512
e4e2a33b342ac28c6bb91e812eec8fdfd1f9b6944f9883f757699ee251a51c9b49398f8188419f89208ed07b43a8a2d9714f4c3e8d8e0bcb5ed7c25f1f80bc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
60db5ca18b142e490c3a543fc903e19d

SHA1
21966378e1a11f3b86ffef0de84f4a500ddaef4e

SHA256
5733b6285d03cee70fabe9df2bb56acc5c8bbf462c66ce36497dfdc2a5fa27d9

SHA512
7c8d1cf8b5b8f5480e07400bf46415e82812d2803592df16e037ccb0e89dd18d6e1dd64f25a8882034824d2fd3dfa31999781d0f5b903491f3f0e346355902a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ba8c46d9d87cf908ab9768d65d08456b

SHA1
0750a28cb7754b6f2d7e0b4b16bae035504637ab

SHA256
0bfd7c562cbb880787838365dae14f522736b289a626b4cde6bd4ee8a33d5008

SHA512
e02b72ec27785e238b62957f3360e1db43f2e479cfd38a958a9aeff16d902c18d317a4ff87c72bfbeb12904b6885643c2d3e7a2bdf2667b570d1765150341f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ffa521e7a8666f0f8cc92a2c4e7c007b

SHA1
3f26113b9fad180d6fc5fb74a129c68a771f028f

SHA256
e3ea49a0eff750bbe8107583118536ebe6c9c8f170605e949e0e7615ac9ad8ff

SHA512
f8f1545e18f68716732706c1c6f5e9d6b878e0719d8461c0d21c2a4e1147caf8505f6c5dd34e79217f1cf19aba65bdbe4f5c16fd1c67d3e1cebd05c065857565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4aed68450a0cfc039670c1a5296afe5b

SHA1
555b5b14c66cc3293332949473c6dbba12f8c2c8

SHA256
7486a22839090f7abe4be227019644927ec0efbcde8fb4878fbb86895f0e560f

SHA512
59814aab28051294a50c58640996b683cfe7cceed366cffa690a88561f7b986204290e6c92a890600cccb854fc68cddd37b7d77231503ac3a66c84fab8e952e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
26a164ebd80a2893cc0b64a9c4313318

SHA1
910d52bef1dca1a8ca3ef9c954f1d0bdbcc6d1e2

SHA256
cd0a14ae6d05a410bb2767108bbb9770d384893b6ff5bdb6f30aa53e39bb80ea

SHA512
a56a0763bedc6482a903de3e0dea5517d4f9c858b3247244c56c0cdb0c1470e0b10d87a3d50f6f8c8b7b3a89d3fdad3cc98f1073059e2965edeebdbcb306ceb3

Download Submit