fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
Size

1.1MB
MD5

5a4b67ac68acc8558b7209be42f8e79b
SHA1

0e47233a20eef46680b8e0b3c61f962639167f43
SHA256

fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a
SHA512

d49872c5903a11cf09b0b59fd9e0801973b13a22e85a6523ba97b22b462ad67454a4110d0d558aa9b608fa838f4fb7e3766d088d7f287095233974e2f8a53bec
SSDEEP

24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8auC2+b+HdiJUX:KTvC/MTQYxsWR7auC2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582839660202181"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{6B74820E-ADB5-443F-8A45-A1A23DEE32CA}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
2440	chrome.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 2440	3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe	90
PID 3724 wrote to memory of 2440	3724	fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe	90
PID 2440 wrote to memory of 2408	2440	chrome.exe	92
PID 2440 wrote to memory of 2408	2440	chrome.exe	92
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1004	2440	chrome.exe	96
PID 2440 wrote to memory of 1792	2440	chrome.exe	97
PID 2440 wrote to memory of 1792	2440	chrome.exe	97
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98
PID 2440 wrote to memory of 2276	2440	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe
"C:\Users\Admin\AppData\Local\Temp\fa06b6995baef4150769535d5ae57855d991dd253b52f2880c64161e8d17c59a.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd028cab58,0x7ffd028cab68,0x7ffd028cab78
    3⤵
    PID:2408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:2
    3⤵
    PID:1004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:1792
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:2276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:1
    3⤵
    PID:944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:1
    3⤵
    PID:4044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:1
    3⤵
    PID:5092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3296 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:1
    3⤵
    PID:2256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4548 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:4496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:1172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:1084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:2412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:4408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:4760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:8
    3⤵
    PID:5364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5292 --field-trial-handle=1792,i,12382415712987940243,13287131468739417641,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
236deab09365bfef6d207ddb2e60c84b

SHA1
51341536463d16a789435bea68f04987f3434f18

SHA256
647b8326a8658e2866a7be8a86cec88dd9448dc2cc3c5af744445020e01fe91d

SHA512
3165875bc7ea15616de1843ce97498c83523648068c4b796ca3febf4a642d949469fae99aeef773bcc262cccd18357bc257352ec0c13ec84eedd483c109146fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\56cbe150-21a8-4f63-9450-bddbd5828a60.tmp

Filesize
524B

MD5
5e51b64f9ee40157ab401c4a4c2cf5b7

SHA1
e01eac2634c96329ec54bf79ecb0fac0243fd995

SHA256
64c09a540c2983910b3c5bbf533240cb9e2440ee9e008b35b88938231965eee4

SHA512
619bbf88032be8436fb2818148ec769dc83da3fdb228880e224118486abe14a99484fb9d93999039eb4d306108ebc54e56e69f6c37802bf79fba9eb549c3bbcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a95ae2fd81c0131fba8c45704c8c1d56

SHA1
d437242aab91ae72d707e872da3949ff573a1e9d

SHA256
a5e266273ef69e692812252fed2faebe9593c548f89334208c2c0859eb203344

SHA512
686b4dcecdea3a413108e500eea73f5434d42da8b5421e9977aaf4c771be11da7208e98f6a70dfbd8d1af700a3dbda684096fb5a5a0231c24e2021e6d7476d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
623b1de1cd3807293951fff9b03842db

SHA1
b8d2a75c96a4a11a1b56a3e75104421386dcd2b3

SHA256
8313f37941c58d0405564aedd509a8bf45ee1d58aa3f23f16a20742e6e772fa6

SHA512
e2261e9bdbf3267bde26dbc643ec2362335e56cfd0ee7706ef47ec9a550c2def2c830112e5fa4a06d754c0348520f6826c3ade652dc40d76e614cebd1764260a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c2f5a3dc1dda9f1ce0132617ec924031

SHA1
9846df75d0903058e5ead9ca57eb0c69e4c91e52

SHA256
e45bfb8afaf26cce3021fed4d76a22015b6ad078c72ec7e0e59046d4d1577fbd

SHA512
332cbebc9f269e475603b9b2054ca4e00b0e207da5f58d542779d7101d56e9feeb254eb1d779b50998f2d48a845673cf96167f042640cbafbb72f28c9c1a396d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6693ae4bc15d1701881ebc375d3992d1

SHA1
8225db6dbffa18efe65cc3cbd9720e17dd16a535

SHA256
171ebd05eadb61d8c767b2d71ad93ff50922dfec4446294ff4532773a815ad13

SHA512
a3544fce1e4f1195175da3284651ecce2184b2229eadbf5ceb4acaf61dc0312095e1e3ef1ad38dc0187e736a933a9bcfa7971ff26f872549ad595b202aa65b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
eec106636a206fee2dbfd581106e04a5

SHA1
da8c0a1ac17cfcab91cb5c62066803c5e074edd5

SHA256
74533acf67e7e3236ca0d41ee9e5716dffd99df120cf64d11c78ecd47d0111fa

SHA512
7d4c5aa8a4d3b728174d3a9300bb076a990ceca162da47c554500b117de91afe121cd1ad6313a36acdf3e2ba175a842584d859769f3c03d1a97c5e37b800fffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
576130b037cbcd11eda1f118c3344098

SHA1
bc41c5c28c1a73d81d5692b900b2d357d407d515

SHA256
7bfbd7b61bc338ebaaa4e848636dfbf973f18bd1c512fffa892e5e27d2332dab

SHA512
49af5b281761fa9ed111249de51b09b9476b9d682b790c882da40eeb5db98e4b9a7a6a3c13b882839e298c86c14bba682f3039951ebde790fa47eda4a8b88595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
1b96d40ad37bc36b29ab4c6b88f156b4

SHA1
cc8489be1b480149c9c9d484cedc2f6bb58d0876

SHA256
dfd43a246f4f834b88cc2248ed3deda19931bd77d35c4bb9994ab7be6be03527

SHA512
58f1ad72ef7ec17b40da39d26b8d96e09800d7273618357a61dbdd658df040e5175e91ef44f3472a8e777293486f39d8dc3f1a58d5a465bdb82bf06138fdc8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
bf0f35e2485817f6edc7d906f7e75126

SHA1
0ec550be4ab3ee41c4d34557370ab46224e11317

SHA256
a3220f3ed079baca1b75bc43d145df3ec84c5066bdb2428e873e8d18da3ce6da

SHA512
943e1320d0de4c52960b36e091d793f55662b2f880ec2b3599ec4631c16f7d6e5f454d5b1ff24ae7dd40f672eed98d5841e459ccf252f11fe1a5c9ee15e0a8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
3753d217b8444d5612bb66329736e1c0

SHA1
4c6e4013d2d52e4f9ad86ceef2c942bc368eb148

SHA256
0b7cde8a196081e7c4a441dabc034e9fc79700a8010a50a0b777a7451ba3c00a

SHA512
3de6c2f711478f5a4d4d80e5dbee898a22c4ccb65895fe9a81c5aaa464bf41d483d5f5dbbbf728f457509cd44e037fa556750838c3ba2a5dce340211ba0e1b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
39fcd93d12d506afc806678bdaedac08

SHA1
a4d5a7e23039b7caf9064bc03002cb7854ba83d2

SHA256
6e1e730cf0ef36ad6433bc37df5662262ae718c5a1f2f048e499c77d8252eff9

SHA512
6740cba64a66098022872d09b1677ccdb75391dea6ff5978fabf566c2d98bf1ab40a8c27f0f45d23e19c71bb21c56354d20819e560f5ccce56a1d895dae3595a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5867cd.TMP

Filesize
95KB

MD5
de844a7219c82db5434b2b018f5755e4

SHA1
f85b4b2f58f70abd42c3f58595b866f060800d87

SHA256
914c4de33ae6eadafb2ceb6d36900d5a1d562305283ed9630e1a7f887cc85ff5

SHA512
da94bda66a394a6911060144efba2a075dccf61d34246ba5786c40b88a38cea18e7f5d0cf9e1d39bcdacfdd534f1d102ef542a986c3aad818417d4685508e4b8

Download Submit