d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
Size

1.1MB
MD5

06835c31612299fd36407ba22210b62c
SHA1

ee5229cbca79f3f77ce3c29ee2580530e76a79f9
SHA256

d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7
SHA512

4088e266c1b208d844585f2f5bbf4723384d385ddec7141996921e13d27e030d5508cb773fde4744dad70dad27d277c688f878ed50f5d16d010daa60dff8c80d
SSDEEP

24576:HqDEvCTbMWu7rQYlBQcBiT6rprG8auF2+b+HdiJUX:HTvC/MTQYxsWR7auF2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579677566757449"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
2976	chrome.exe
2976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
3920	chrome.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 3920	4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe	87
PID 4024 wrote to memory of 3920	4024	d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe	87
PID 3920 wrote to memory of 4312	3920	chrome.exe	89
PID 3920 wrote to memory of 4312	3920	chrome.exe	89
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 892	3920	chrome.exe	91
PID 3920 wrote to memory of 960	3920	chrome.exe	92
PID 3920 wrote to memory of 960	3920	chrome.exe	92
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93
PID 3920 wrote to memory of 436	3920	chrome.exe	93

C:\Users\Admin\AppData\Local\Temp\d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe
"C:\Users\Admin\AppData\Local\Temp\d4d9411716362e7823251e151a7aff45e47b2a437c880c45ff2bb94803a3bab7.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa813dab58,0x7ffa813dab68,0x7ffa813dab78
    3⤵
    PID:4312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:2
    3⤵
    PID:892
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:8
    3⤵
    PID:960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:8
    3⤵
    PID:436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:1
    3⤵
    PID:3240
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:1
    3⤵
    PID:1088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:8
    3⤵
    PID:4400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:8
    3⤵
    PID:1784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:8
    3⤵
    PID:3628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2464 --field-trial-handle=1876,i,9525451961352121655,8283129574372253152,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0637c73fc8d5fa6690f932b25deb19f1

SHA1
d78c2406ea8308ad29c8ad0aacc28a39c62832e3

SHA256
1eb4b050072d58b2df15a5255f05f3fccab4017551ea63d040f09ed40a23a1fb

SHA512
bcac600ae7bed63a6e71ccc95d31db00c93dc75c36644867358655fc55162938d2d15874784c70a30d1a9744479133d2ec5fcd7ff812f96ff328ff9b8235d16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a5f2d9bba78f592e8851c8d8e8c94669

SHA1
a279236b8583c97fa211e73591f7961547d60fbf

SHA256
2fa3438f53b55a219cd2e2f00e7e253104b63d3cbe77991a66e394e1c79be56e

SHA512
109c256db51c9cba8f53ebe0c099ed25f107d0b8c816c785714376633a366f7f4b2f641b8d93c4315aa099a90a07af6cb39026ad84b71e873873ee001acbd735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
952064c299be651c708b7e2eb29daf42

SHA1
e4b8d237da0ace0ce028a855b8dc83d46ab7e576

SHA256
920479a162e941cf2c9224786ae7bd31ea492d31855e2b92993cca801020a2f2

SHA512
bc799b50754a894837ab81635d0131f5c4d53d4b15540de8c3c58534042468cf8d4de545fcb64fbd6671cdddbb0ac4163ede0e1d7dc7650c0f78376df5b971b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
f062e06930a481f4cd087225dcaeeb11

SHA1
b0e8e6fa6e145cac12913906c22afd472f3a023a

SHA256
952c59602d9077647acfbfa99c695582ab0a413392faac576fb2604847d1f845

SHA512
83c814c0c61a8734df09e32c3890c13b4560ea15e196eb30f3531727197ac30cfe24e1d2f3a8ba5522e77def1e079d585136a6804f6b74ee171b2121abd61fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
769f958a52506fe570a4f5880b425264

SHA1
930f2d1c8f40218986ddeb9964e461b60f1821a4

SHA256
c503d8fee69d2d56822dda5e01e4fbc65a37e55ca88be7e599295047097601bb

SHA512
b8f9c4ccedfb5569d92f333948fad6b44f580d5d8acc34a0d80efa3a22da44ab2ea490ff6b32f487d99826acc5d7e854bf291c6d3737998b12d9a7d181be807c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8340a45a79e9252d31ea8c8005a6d8b2

SHA1
2943d40cf557e9146af6575e0462cbd9c67eb119

SHA256
4e8ba0b6aaf26530b3468e3c17f85f881d0415b4fc4d50f72a2b920d01a13501

SHA512
8c8d40fa0a2f72cce28d241616bed38dd412fc04f0c1309e84fa9ab1c0ffeb8fde297cd9ebf2c628877a48d68e753c9c04a5f2f039b0d6e9fe1315bd3d620c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
87fb43ce8a0d0e6c50d255756aec268f

SHA1
6c72a1d05f13df8ce44c74f7175ce6953e608b78

SHA256
fdfd65fdf1e17a4c6631127472f8462bfb7ba954bcde625d60d7411cda446658

SHA512
25eb48298ea56391917ea503d62c79ef7eca5ef8663a2f8ab1fc20ebb588be8cfb21ed461beb888fb868355208405bc80b816685afa2a2c87195061b39a1b8e5

Download Submit