1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
Size

1.1MB
MD5

11b897e45058dbece18ab00771e35e1d
SHA1

bb1f005b4afbadf907a998abbd6075901aad0d05
SHA256

1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f
SHA512

24684ab7e5658fbe9c9108af76b99ef6bc13882eab356251cfbea35c5afb89b532f8ac8a3c22a636080b722ad2c4b0c31fcce3c428887a4aaecfc9d57298d72f
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8auB2+b+HdiJUX:+TvC/MTQYxsWR7auB2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588024087625266"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{9D4F947B-198C-45AB-960B-0ECE2590C964}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
3464	chrome.exe
3464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeCreatePagefilePrivilege	2916	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 2916	4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe	91
PID 4924 wrote to memory of 2916	4924	1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe	91
PID 2916 wrote to memory of 1612	2916	chrome.exe	93
PID 2916 wrote to memory of 1612	2916	chrome.exe	93
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 1968	2916	chrome.exe	95
PID 2916 wrote to memory of 2276	2916	chrome.exe	96
PID 2916 wrote to memory of 2276	2916	chrome.exe	96
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97
PID 2916 wrote to memory of 940	2916	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe
"C:\Users\Admin\AppData\Local\Temp\1157e5cc745b022bb415acdc13b8a3f43fa5e4f3eba5ade2a44ab592fd7b631f.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff82e889758,0x7ff82e889768,0x7ff82e889778
    3⤵
    PID:1612
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:2
    3⤵
    PID:1968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:8
    3⤵
    PID:2276
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2300 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:8
    3⤵
    PID:940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3284 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:1
    3⤵
    PID:4236
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3420 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:1
    3⤵
    PID:1996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3984 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:1
    3⤵
    PID:3968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4808 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:1
    3⤵
    PID:2436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4796 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:8
    3⤵
    PID:3056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:5080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:8
    3⤵
    PID:4364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:8
    3⤵
    PID:4728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4012 --field-trial-handle=1952,i,2809196414649037975,10465695456946821465,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3464

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4072 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9db5176767963c4ba625ac892d9aaf2b

SHA1
08946b23ff7b9047ed4289d9d95f325724d19047

SHA256
2a65e78c3973fa24e7baa15e3982e168b845e813925467ecae68b4267e012e21

SHA512
52584d3a50daf6d449e1cd0ad3e9602fe236da843f489577552c41672e0f319760fa8d64ff5b7029f5e8f9743083322754c578b364a6a83f30d64cb62b36dae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c5e9269a4e943dfabf5379866c2aac9e

SHA1
c7faef6c1c8bc074a0b879ea7dca14570401f6a8

SHA256
ee9758ca815f0ec7012859a6ec8aeb9fd8c08a0107f5abd0730aa73afdae19e5

SHA512
150b639463621ed9c73d2e394e82d021b2b2b2a0a4fdd24109f7f65bdf9ee5a031c55173ec53983f98d2b2bad466b775fcf7a360ece089d4d5c383eadb02944f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
55360c76cbab6c98a308cd291a764534

SHA1
bc39c80a0aa11f1bf895962f6cd44b3712c5b877

SHA256
c9782be4a6dc6c8ce35723ea160a871f7fa138719e60081ee8cb9e93d3afe76d

SHA512
8b6292d7ea51c8aab5251d6d91ebfbd0f0f87defb43896c6df671fe4748efbd9476bcee966e46a513b4287371a2b3dcb1caa060a427f8b62e0da3d53a2de0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0be77e2165f4d0010a9f26cb9c5ef565

SHA1
33c5d7d7040a180f57e84712a79ce1e3283e83df

SHA256
d3a45f92bca523cfb64a21c6d601444b4729ab766f30776e03cc9a75a3c78c33

SHA512
52a7a483f1087dc14141959598679a783db1a2253a2dd40d0c9a15e9d4ede5f935f35d8891de6a34816058f5141858b3cdf32bf744afeedea863147c20cac21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c25ba8fa8fcf355312f9c992fafb7d59

SHA1
5e2d454398d6d24003d8a8de063ed6945bb6ff4c

SHA256
1f988cd841ae19d4b0f49e72851c5bc55fae213d39bdab42761dfa26e9087b81

SHA512
f7a072649b942b7d94785662deec486aa1384769cbd5d4697d4de2e5275c02080f8a21334d96f686da80f56afb5d3dd1e19298e4bbe016cff42bf7f97a962183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0cf2e28f114182f9b12ae521b18c6bb7

SHA1
e648573dc1510a112a53bdf1069d24ef78dd7d83

SHA256
8630d5e6f193bb1d520b7f3fef026549b426cd47ed6bd6db1e4b4bb39ca7aa1f

SHA512
f385b68fd59eaae22c9d6f2253d664b58544d74106859e4e5a787ae1840da0a80d5b28530745131a34891e1c0e4a3da429d24546eb44740042ad5147c27fff68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c7482278c5399d71dbffb182cc5605b

SHA1
507ed07f3d0ad5a0cd91fdbb7b53256ec172a51d

SHA256
334f56ab2b0a81356cf0e073fc494a613fc9c5c930dd01e8d2164b58d0d5300b

SHA512
68f36d34ffe1c53aada9f583cda6ed484869e990ed9060a59ad894336474a18cbfbbd0f08ea35346b19c391c80f7cf2be961216d2b8e23645ed22a838f14aab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3dabbdc627c1e511164249d854f0ccba

SHA1
e13cc5aec40b24073096248a5f3c3e3d501769bd

SHA256
8f42ad13f3a09daf1d0a43c4a2601377b276981eb28c08a639485679b6e9d00e

SHA512
829f242a484dc5b5940f70d3175f2d7c5798d2fc961f7bb5de455c55e770c0a1c845c538f0b7aa1515173a521d9d2debe81a71bff4ef830d5915e6cc1849de01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
0c423e0b3b4736839c03dbd5023e8a7e

SHA1
d5043045f66ea619be30165576fb67f0a404b6c4

SHA256
f2f562316f89843843721b0db17b0b411ee8d67718f74cf9fa671ca634bec622

SHA512
d70a649176fa15da0d953a37c555edbe5fd49e55c01ffc4b39145dde05097cfa11a1b744a20e864bf1152ba9c8e51d9e2b93175e2796005f9bddb651a1ebb519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit