3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
Size

1.1MB
MD5

c0c1ed3b1d3b2b84ea8095ec538f8892
SHA1

5291b4fe9a1fe65f8792403296c4c28cf09b37d5
SHA256

3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51
SHA512

ade8e998ff34cb601916337ee3259a31e41821f9c693dc887e278d289d38ae89891175d01094ce098e4d136827b0349b44978c7150d595e12e63ee7a7f8df183
SSDEEP

24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8au52+b+HdiJUX:WTvC/MTQYxsWR7au52+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615599165463520"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
2832	chrome.exe
2832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
852	chrome.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
852	chrome.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 852	1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe	81
PID 1748 wrote to memory of 852	1748	3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe	81
PID 852 wrote to memory of 3488	852	chrome.exe	83
PID 852 wrote to memory of 3488	852	chrome.exe	83
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 4348	852	chrome.exe	85
PID 852 wrote to memory of 344	852	chrome.exe	86
PID 852 wrote to memory of 344	852	chrome.exe	86
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87
PID 852 wrote to memory of 3232	852	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe
"C:\Users\Admin\AppData\Local\Temp\3a0d95a461fd3a9a0939a9a75b16264a686de0bd9c3ddc539fd030168c89dd51.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb00dfab58,0x7ffb00dfab68,0x7ffb00dfab78
    3⤵
    PID:3488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:2
    3⤵
    PID:4348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:8
    3⤵
    PID:344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:8
    3⤵
    PID:3232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:1
    3⤵
    PID:4464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:1
    3⤵
    PID:2012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:8
    3⤵
    PID:2204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:8
    3⤵
    PID:5068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:8
    3⤵
    PID:2784
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=848 --field-trial-handle=1628,i,15143135527214767792,11378460341897101860,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2832

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0b2b1ea637afd7eeb35a8ea76f170add

SHA1
e9901ebd4ad9bdb4a402d7ae911ba13f90e58295

SHA256
54952664a46b73db5c9941980a882fe0a95560291c6026f1f83eacd2af758d24

SHA512
2190e7f3364d2ac3febf81094c72b61d2593f136ac87b98ed93d0385dfed3e382e9c00de2c153c1219b5b048aa6ee4e340a4cd1d44acf627259a89b064265b2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ea65f3bcd2c4de61c05a6804c7d108c7

SHA1
992581b5098ea7317b46f89349e07d53dbbfce53

SHA256
24b2474c8ec3f17f77929bd97e8be477bce0e6e0e58e4b2d5c1647d206e810da

SHA512
331e2a1b7dcb702a03d0313287be65fe729af6e5ec9676cde1d1723fe042437b04184595a0e05e19927aa4e445b9675ffa227ee15c770b8b156988ce085c1cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d5489cd823cc150905939eec10243e1b

SHA1
7583efd61d42cc64f4c354ce9fca3ca5a8e52632

SHA256
eb19dba5599cd4536763ef003efb89c08af18ff47e66904b6f4620414b8097e5

SHA512
6465eef62e54339c52ba836eabef9199d2f35efcbc8d7fb55c85d3088ff29eae08681531e54bcd9d3640574183f82442cc79cdd41a8eb57363602225fb4d1785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
241c4e4df048cdac9964b02020f785c2

SHA1
558be55595538c758d582d78ff58a255b8642034

SHA256
d05dc541f45cc62837ac40c3623746f2b7e6b37d05a2d7d61fa806aee0b0e562

SHA512
b505cf848583aa60e7342a7a77f15264831569a098faf9c1ef04d126a37b167b0382c698c5ad7b47cba784888db8feb8a110b2e653769fa1d289eae6d4814377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d848006578625e6982165a8e808a8693

SHA1
36d7e2d3608278413a388d1e381aa86ca5a9829f

SHA256
9775c125e850723af91aa8334adb4738a2fcb0c77359fc2c4ff565d1e56bb70e

SHA512
b2c96971875a15d4cf2d078d476dc2cd7bfa98c51479b716e09c811292cfd56095e01cd5fdd53e7b25ea73634c98ad7cbe6a8d716d42a6b4f2a311f22927caa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c445732ff33fda8ce9c7684b4160ec0c

SHA1
dd3386543861e2dd5f42c9ac6b7ad9702fee3ad0

SHA256
6fc52bec7dd653720f019ce0b0706dcf04c997d04ac14feb8a3f91a1e9ede578

SHA512
45db7bb8dd06ed3d584e4c39d38ecf98772041f60d02032fbe4ad6526deba82bbb617ac74b7a158ecf1059cc59c608ca6742c71fc4fe1897210a4d11db5720dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
3daf76a729d9e09ba752826d9a4066fa

SHA1
6e217d100717abdee5987cdfe3e52bdccfbc038d

SHA256
67ae4c6b5c38a12d0c1673cdd36a5e621c9f4aa3305bae76ca8522c236063816

SHA512
48f1e6111467064af2d6b44c65e6616b13f7c5e8b35e200b792bd214c1b74d282f53d61a95a6fdeb155796195cd486a673d2664c2c3074adddc22bb71a889ce8

Download Submit