b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
Size

1.1MB
MD5

3fa20563982d8ce06d23b5b732e173e7
SHA1

ede0720dba200458ec18765bba7ffe993fc2a14b
SHA256

b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149
SHA512

bc2c626553bafbd893d79b672402c6aadf2abc4c5161c0b1b0b8bdc20fe307ec99357a0b5c9d741faf099a6e04ef31a51412b701a5fb4ed65651b01f91e788f6
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8aST2+b+HdiJUd:+TvC/MTQYxsWR7aST2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572126259306488"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2776	chrome.exe
2776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe
Token: SeShutdownPrivilege	2024	chrome.exe
Token: SeCreatePagefilePrivilege	2024	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2024	chrome.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2024	chrome.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2024	2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe	89
PID 2660 wrote to memory of 2024	2660	b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe	89
PID 2024 wrote to memory of 3748	2024	chrome.exe	91
PID 2024 wrote to memory of 3748	2024	chrome.exe	91
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3080	2024	chrome.exe	93
PID 2024 wrote to memory of 3908	2024	chrome.exe	94
PID 2024 wrote to memory of 3908	2024	chrome.exe	94
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95
PID 2024 wrote to memory of 1736	2024	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe
"C:\Users\Admin\AppData\Local\Temp\b0385210653a2a5bdf70553cba1b18b6275773e4b6154ea105a273fa65ca1149.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942cc9758,0x7ff942cc9768,0x7ff942cc9778
    3⤵
    PID:3748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:2
    3⤵
    PID:3080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:8
    3⤵
    PID:3908
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:8
    3⤵
    PID:1736
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:1
    3⤵
    PID:668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:1
    3⤵
    PID:4456
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:1
    3⤵
    PID:3192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:8
    3⤵
    PID:4828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:8
    3⤵
    PID:1124
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:8
    3⤵
    PID:4900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2960 --field-trial-handle=1888,i,4251606021990535588,12780785024989419469,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
a3f51f23f2c2b479df970737a09cd52f

SHA1
b7637a1d188a07b393301c038e9ca513de8c6a16

SHA256
7c7ac2663513b4fb20d4c7f2969ecebb2e7ca2f1df285d1217d4edfe75eb5dac

SHA512
c06c9b989ce75aa4b2c5b26d4053c39ec97d44d2926b5b1092a036ccb067e3c06a6089e802ea232d35fc9f74b4a2a9966e7486eac0422b378ee3100f6a44ccd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6c2f6eb484aaad0a499dcb9a8350f7d0

SHA1
a5e981e1452156611acc56d7ec20a0540a483f7a

SHA256
e4af22a1927fcf650762164d1aa0679e5e696341de24a5483f47153f5eb6c6ae

SHA512
bbcf56d50f498bf1efda21fa2ed63527501428dd5a308effaedfd982903678f8af19e96ad2b920b7c565886ff5a7f48e795bef95b8ea0803c2c933b048b5ce98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3ad2f07895bd5bcbefd8aa550c5698cf

SHA1
9a1dac36289efcf6d0391d3180de6c70086bee8a

SHA256
af5ce06713cbafdd9d6eb3c8c783021fd712025238a1d100fb95b0f1e636aa44

SHA512
d0220e5332968f4c49507b23b9731a3fda69872da008794f71fa1e6b574e51b830e51872ad0085aaa5c33bb04b623736a2c922c71bfc2d2da529c240d587d07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0bc4455c5bcf27c626418707404e06a7

SHA1
8d82513ad7f0e0be9c5163a0981140f37b48e725

SHA256
f09794f4c5c50bdabc03a8a9734f983ab810ef22a8c6cfe5d59a0afb5d5d0bbe

SHA512
241212c14f002edf4bce3eb5566dbf799c2c2c205ce9d4e3d48923316dd0f3a9003883e790c124605a7afa026ba765652fb515f19848b1cbd993672b0db198bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
695ab0437a59e79bc3f61e0a050f67bb

SHA1
c89b42cfc408aa7cee740fc5bb7926699f0c7f9b

SHA256
1dc2bb2db13c2ca8fd0bfd24328403a7a17ff896a28958f760f9d97e70ea939b

SHA512
eb59dc7189072bc5eddbe448c75102f3ed7c928c111b3b4e82c2fb52ccaac14ca20429357cebce1ea3dcc9d7f4eafa3754d44fe21485e3d0b4000c2ce54bbfef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
828675804ed61f3c1eb6494604df7d1c

SHA1
680af595194da7628869072e74e1a0373cc06cef

SHA256
dff7eba8ce9f65af9d729deab5270e8bab53f65d221b4244431c661eda0e8b15

SHA512
3922f89a64e3d8438189b1e73924d9d81aa2c923e5c6c9a0b72bd055540b1b0808b53d626009f7774d5157bbc2c17910a533b8f72190c5c9723d466738845371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
f7b157975c1e03b1d3b53407ca25f3b5

SHA1
35e15d731ba58ef0dda008c8588104dc9944d6c7

SHA256
3f2da59bf1d23b9dbae9acaaa4be55687433c31f5b80e05c3e8ee39c137c7a0e

SHA512
54ce0877f44318e7244832ae53f458ac6b05fa8b6354ac96b78f20425bfd9e9cca17ff035821f86dde998596eaf2de9c3df12e219f5bbfe35635c43963d8e11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22b87078fc1d7bbdf2a1da31e8c349bd

SHA1
88c0be0d91a450e448257b3135db797723963a33

SHA256
148024200cf9bbd0db139f7acd268907d0735ab04a744e7bca27750b99b0ccea

SHA512
5a642a5f350e14b94da1c469c197fc200e118d2ec9f558915831e7a80f24892b427be0622e4cc9a2e3719c3a39f20364675e5885ac270c203a28b8031d10c03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
df3ae3216577196b5914648e02922d14

SHA1
718f92602bada4a0653be299700d6601ebd54ad2

SHA256
927b19875f2533cf1ca83e43ed6e58c103d287b34a41b5d7a503c5186a0be5bc

SHA512
ff84df9c7d026197921fe6426c70287d479a738fe7a78ea8a35f79feabba93d799957c932c114080563a0770724e434ada5d7ae532294a53d7c7549664f54957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
881b05eb20a795029b4b3e5e714877c7

SHA1
75cb54f15ac5a1a7a56e74d76e3b3b6c514505da

SHA256
16fc4190e96badc9246f775e18f239f831023e4eeacee3c27542e736ecb92736

SHA512
7cc395e283e534ba0a4d5985ebb3dbc0f6f602f49f9d8ae0ac35aeda4c8dd9f28cb6c517a9748f5b6c52ce3e07652081295c2b934a1cb704ed670a102922c2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit