220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-05-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
Size

1.1MB
MD5

8aa07363b8298de6122504353dfddadd
SHA1

174783049aeffde0aa93688253b216711caa52a7
SHA256

220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c
SHA512

04470bc366b5740011dcbe01d6d4f9cef2b594bbd5420ec255496902b2c63286940a70041f5edf2a83a98c63951220863e7ec70d9afaba8e5d7db6a7da9d7931
SSDEEP

24576:fqDEvCTbMWu7rQYlBQcBiT6rprG8auF2+b+HdiJUX:fTvC/MTQYxsWR7auF2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592220304474722"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
932	chrome.exe
932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe
Token: SeShutdownPrivilege	544	chrome.exe
Token: SeCreatePagefilePrivilege	544	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
544	chrome.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
544	chrome.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 544	3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe	83
PID 3792 wrote to memory of 544	3792	220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe	83
PID 544 wrote to memory of 4404	544	chrome.exe	85
PID 544 wrote to memory of 4404	544	chrome.exe	85
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2076	544	chrome.exe	87
PID 544 wrote to memory of 2184	544	chrome.exe	88
PID 544 wrote to memory of 2184	544	chrome.exe	88
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89
PID 544 wrote to memory of 436	544	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe
"C:\Users\Admin\AppData\Local\Temp\220fa84d272cb675c0126c468743642259de1c8fbc643e8e2845d75713ab350c.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff053ab58,0x7ffff053ab68,0x7ffff053ab78
    3⤵
    PID:4404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:2
    3⤵
    PID:2076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:8
    3⤵
    PID:2184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:8
    3⤵
    PID:436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:1
    3⤵
    PID:1420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:1
    3⤵
    PID:4776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:8
    3⤵
    PID:1196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:8
    3⤵
    PID:4640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:8
    3⤵
    PID:1552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 --field-trial-handle=1936,i,49337816447128847,5677936718389403392,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d690e75dcfe918ec7e6ed7cbaebd8d7b

SHA1
fbfc9d68cd88993fc26105dc5277caa8d21b259b

SHA256
9a88f49068228a57a43c6af5b0e17d968521b01bf32efc4b35aa0f5d17d4f16b

SHA512
8fa046c2fef565eadd46e0e3d5b15e6ae028ba047303ffc8d41b11017b468d9b1898bf96614891531f1125c2b78e166bd986fbc9df43cd8e5de419efe38debd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b7c09aed7e6b59d26c11985692bea67e

SHA1
baf1fff5e2937a120e1b2e91e967423e9deb8fde

SHA256
0d2922dec32a3b9d8744b9a80109667925767033f58ad499262d053aded5af42

SHA512
e8ac357c4bc42a334c17e962129626229ad27725c15c6228fbc65878df6532c9a9c5e365500819716a63c342cea03a5f3965894edf15d0c0a74a3d379d778e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
635d1e3c12ea43c1f2b4fa8f20726ebf

SHA1
200f1f57415c3db886e56fc15c32cc3a77444434

SHA256
49f1f00d7eefe5a5dfc251dd1c6d65c697ea0f2ef8d01e1d8ab7bcb447ede639

SHA512
77ab8f64c4562082c3f191ff8623ef453cac8ad6ce5abdadcd9ef4589857f246e25f948672a4c461804c1f5a19a6d1ecdca3318b845807411736b2987ded5035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
f3efaf7885cdcf6c980ee3753f33784a

SHA1
bb7d6d0cb73bdb988f50429010d862573d127da5

SHA256
e7dd28c1a49ac96dc66913ca8dd129747c38bb9d6678220016a06fdee1da0e51

SHA512
b1b62906ae6a6d2d8fff9d89a2a012a657224496cb1d0c1a799fdc33fbfde80429a63f6a8494a6236d8f71ad91d1148bfda95bfe7a1d889a55fbcfdfda4d590a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c40a691591acc4a62bc989e4abd340c4

SHA1
ff6a470e9e50ebe4d5019f6eda02314c1f6cdcac

SHA256
cef054bdc2fb4aebb9aa8d7b477124bed1eec1e360c5fc9a826c45fcf9324a01

SHA512
e2645a187beff9585a08f9c463df5c638c2b7d04b16d108aab351aed2d4f71a16484d89bac40891f55f353c250b8b45f59a434c2b81f6f08ec025af3484e6697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ff89e120-8994-4c0c-b3b8-66db4f8a4e43.tmp

Filesize
16KB

MD5
1fbbffc16ddf1b1a6dcdae71d1c5d295

SHA1
5665730f95403fca69f2deda1df140517337ad33

SHA256
a389c73c26653bddcf27f604d487c8aace36a53f03ef5f0138e004af8b847ebf

SHA512
63037da912010c05c1731475affb2c7897dc1851f884926b26bb1bcd3aecee4049fbcc2b4d83f27fa10daa0dd95836821b179966c32856a44760ac0d806df549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0f841162c8d736bd5a338334839f187f

SHA1
14778a2cf71ce22de5564b7764f67aa6a63807ac

SHA256
50b00370c88da87410693b9397b01188d35f0e68f26813eebcf0efd090b43de6

SHA512
c0b6d770356f322500b5b9b511fc5d63f3d415c644ad2d693132cc3ec497ee9215e660af7924c3b03f6c0897f9a08ecd2073c09994d3dc8fd559b36202884a3d

Download Submit