25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
Size

1.1MB
MD5

5fd417112bce07601f653e2a87b7e48b
SHA1

7082198f04e69a13a9e92a5732b4203fe623d7e3
SHA256

25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901
SHA512

404f07a27b7dfab4d75d5f2ebcc5cbfe1ee5a434c22f7f26b4ac6e31a72363b643b1370c0bd5769271f17a3d48647f9abfa0c84e6d943217e30c656e0ae25851
SSDEEP

24576:PqDEvCTbMWu7rQYlBQcBiT6rprG8au72+b+HdiJUX:PTvC/MTQYxsWR7au72+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585519930311790"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084619521-2220719027-1909462854-1000\{345987CE-2A34-4C90-A596-54D3849F20D0}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2832	chrome.exe
2832	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe
Token: SeShutdownPrivilege	2832	chrome.exe
Token: SeCreatePagefilePrivilege	2832	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
2832	chrome.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
2832	chrome.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 2832	3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe	87
PID 3156 wrote to memory of 2832	3156	25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe	87
PID 2832 wrote to memory of 4912	2832	chrome.exe	90
PID 2832 wrote to memory of 4912	2832	chrome.exe	90
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 4692	2832	chrome.exe	93
PID 2832 wrote to memory of 552	2832	chrome.exe	94
PID 2832 wrote to memory of 552	2832	chrome.exe	94
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95
PID 2832 wrote to memory of 4948	2832	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe
"C:\Users\Admin\AppData\Local\Temp\25678effaadcbef041acf471a40b85c4b00e02225391d4e9a16ec8294f641901.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc138fab58,0x7ffc138fab68,0x7ffc138fab78
    3⤵
    PID:4912
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:2
    3⤵
    PID:4692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    PID:552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    PID:4948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:1
    3⤵
    PID:3696
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3296 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:1
    3⤵
    PID:1872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4520 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    PID:2732
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    PID:1216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    PID:4292
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:8
    3⤵
    PID:2488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1936,i,15487502887680796792,9572784463074656378,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3212

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3404dec4c2deac8119f9ebe9752b7bc4

SHA1
6ac3f2966ae067e32ff0fa88018c9151da9426f7

SHA256
de35d84c6f6d3edbe30f30b0b29c115e3af0fd2c3974df9ea6a8c5aa01fe5a0a

SHA512
fdd4ad955712e3904a28665b6e22e3e3590021a999b6592a033b056beab331161aa6ab3fa809cbcb38d56ab327625b78e9afca191a5b09693620aa2486a2daf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1647b74bd820da779dcf63c8db8f58e5

SHA1
e902fa631faccaccc49765f14e518b908dc0d328

SHA256
4f30ba633325636fbea27b0174e4f496c6bce3adbaad336151486fd00e8a3872

SHA512
668fd885cec5d96cff4a37f623213c5cd266cfc9111a9035f1ca991e7f410777c90516f7ab8449fc336d8815e7c96ec65152f70fdd7789d1c85548b6bc6717b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0e024b2a1e3d6c22416479a46def8f01

SHA1
fb463555b71ef2f439f20fd7cb64a1bda54d759a

SHA256
e54e0d6a5044add97a48be5c0ea5a97b48e629d8a985183c6f7c14d7f72cfa61

SHA512
5fba35c6b6430793c1c49c8e2cc07a65829d96ae08488d7357bc41a96bb340e78e8b4ed668eeb15b4ce66222d960a14cc55484679598559b21a3d016f5e9ca16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
a1e8913de707c61ed36a05017dcb314c

SHA1
ab752e8b9bbaa2a3427b57c628500592901b497f

SHA256
9402ee970c2e02460b2491e67757967cbafce18b7d8a5584d01ed1b6e75fefb7

SHA512
a87a8039286e35f2cc222c3c49ec1dcc507ddeec9bcee28ac37b1f5c7ae1849565c619c74e155bd92c4aff1aef79bb81cdaa806baa5a845a83bb86f3afbdbaf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
63261414af58f3e59f2c8bea508dbc4f

SHA1
aa5c70cedecbea60c513e02d109dea82371e79ea

SHA256
643b8a456297f1d9cd97253bef06d6919f9334ab514ad36ff37429d636c776b1

SHA512
b61c9302ce3be6604342ace8d2551b05415318000efa586a53d4d53544c3c5599d61b0a0f475946f6d70ce41d562638946632806597947d78431b7bd99b0fa1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0af7eedaf13a0ce712ee7690aed931e7

SHA1
4eccc49943d7d2099ec4be79f33b94de3790192a

SHA256
d24e03596d7343ef7404578c5db07d68be5194e55d039bbf3ddf50c7cb15d564

SHA512
6fb11445ce795eb9aa83ef1600b9e69d178cad6e01ea2ad23942b4a82c29ac4fe6b0a0de8d2f913be86280cf857dc9cede4d8325994d360157477d75567ea563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
280ee177ae24628b93ecdbc971a3aacd

SHA1
f0bcf0e47e692278b53cb34e14639bcd9c312571

SHA256
9203ac6c8ea423e2fedb6da8a5dccf4206934b6404d816b9848c0bea4547ca58

SHA512
b4d613448f91016c8a57c186eb769327ac6e6134aa22daa8adab158efa7826df00bd5e62346f1256b14258f0886b01b50510a5bb6927021f20240eae72d4b0a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
608d0c51fdec1eceda1e8bb22f67ac26

SHA1
cb6378a3bfe1d73317c5a1cb0a717a5f58f80b3a

SHA256
1658a58edfb80ee8802f724fed8832aa4450c545c3a31d1cad4dbe65969e5398

SHA512
1d5b84059dee5eb41e6a7c1a0ec159e2c4d7438dda15b67d00eb3b8e6f1852c0ff7cf6addc5ff17083ea5ceab7b35657175978f5c83bffe7a58abd4d09d56d14

Download Submit