38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 05:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
Size

1.1MB
MD5

4d75175c65da3eac9799eae3ab58c0f4
SHA1

4a7279866adaf8e96236c51de4a3f405a378bec1
SHA256

38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959
SHA512

2e4520e35a8b047857a81501632b2e27a6cb24ff744a0a4c919b485989df9639638144a2e932ed3691fb461e61964889b270f3e9cc9461ee2e48713ec559d7d6
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8au22+b+HdiJUX:2TvC/MTQYxsWR7au22+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591011418884741"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1772	chrome.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1772	chrome.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1772	1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe	81
PID 1700 wrote to memory of 1772	1700	38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe	81
PID 1772 wrote to memory of 2828	1772	chrome.exe	83
PID 1772 wrote to memory of 2828	1772	chrome.exe	83
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 2200	1772	chrome.exe	85
PID 1772 wrote to memory of 428	1772	chrome.exe	86
PID 1772 wrote to memory of 428	1772	chrome.exe	86
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87
PID 1772 wrote to memory of 4020	1772	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe
"C:\Users\Admin\AppData\Local\Temp\38789f607a152032641eaa953ab86e7426c181ea0eab148933e16d433db68959.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e2dab58,0x7ffd5e2dab68,0x7ffd5e2dab78
    3⤵
    PID:2828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:2
    3⤵
    PID:2200
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:8
    3⤵
    PID:428
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:8
    3⤵
    PID:4020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:1
    3⤵
    PID:3436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:1
    3⤵
    PID:5004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3292 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:8
    3⤵
    PID:4080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:8
    3⤵
    PID:5024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:8
    3⤵
    PID:4476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 --field-trial-handle=1904,i,12617085417514551259,15802595391847903699,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4260

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a11132f18e52b95c7333fae08a5c0e7c

SHA1
1cd58c7cf85eb1fbceb775def7857b8b0b2c0bd5

SHA256
d09aa837ff380a1440d340fefcba905ffad5e06011390a752237afdd90628f74

SHA512
6bec71735da310c458dd619fc6ab87989f7e4de4335fb14236931bb9ced05ceb8e4e6287cc0e18a044dd25dc14b65a9d416b2da0a0fb2a1c59e6447641bfe79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
30675805dfd6bb57c634be73f75d2633

SHA1
17c5366b42dd83d4d5c100966abf824ee22eccbb

SHA256
f754aad970f807ab19669a502d4c8eb8b24038621a72d593e26c42efbb58ee9a

SHA512
f800ac4a68cded937992e4edc43c6210cd031a9e1c1e92874a121b2d7ca267ee69d9bbfc8eee59814938e2e8480ecab8d48797a99208d8b249cda8de252d64c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2eb07277a0a70b9552787a6672670f3c

SHA1
0bbfb321f4c5d8dd0ea5be6af83278e3f7205ec6

SHA256
0ca9f762caf5b86e453615d101add40814178fffb7f7be575411fe9e75a1cc7b

SHA512
97fffa9bd4620975ecaf9afa768dd009334425c41a9441446ba1347eb57f7788237675af3e40242234f5e38d56fbb6ce9b918f7dc91df66bdf6fe8a4e20d9797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
c52a06ac01d306341df13701f6d11fc8

SHA1
7ce82da9dd78ccb5a9b39c333bc4b92e02033a03

SHA256
128fe0f2e4051f3877f06c7502dceefa3cf1f6cce194530f5e7b46f013f6a119

SHA512
e7cd4e3495de6cf986fbf1ed7b5943e7af1708ba4a1890595a33c2d0d354a6f9918741f1ee1ca4904a5a3217f5135a4e6bb4296828593f96095f39bcaef860de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fd768232e91112d010b17b5ae65e856f

SHA1
092d5edc025476350361a1d16179a295190bf0f1

SHA256
6cce61d0901726a8073d19096c8c89b5e429004c05ded17bfb7136eeeb7f603b

SHA512
40a10ec7ee447fc3722d317cddb97dba3a623971c67754504a1d975dde149734e5782664821ef9733d620b05ab3d1ebbad5f633ea297fd4a2cedbcbca0d61168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
66bd67c074c6cac0414bb94d677649d3

SHA1
a0f5203ff946210f47defcd9dba90c3268051c18

SHA256
9bd11d917993c654e9ce058ebfdb7556988eec89d4581cd1e1a2c4bb8b67510d

SHA512
34a671141833b2c1248531faf8a8321df588c3f04ce26e0242f5328fb4588f2a2b2f7939d92d3aaa51db74ab50b6d4c28497008166b5f3bd5f12546bfbc87d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
a7a9376b0dad41b0be97f1b0dbb31531

SHA1
3a745175efa1487cac2f7100e0915d24abb2c946

SHA256
269d42dd09e26316f8e8876fdbebc67de7bd47b358099cf71a5d8938d7efc096

SHA512
a972963b3108ddfa36f3e968a275c319991b6ba9e91f0feb727565e084d6c97cbeb796fac8cffcdbae6c5c0007c6f27e27a0dbfd356871cc7d5d1d72f522fc4d

Download Submit