70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
Size

1.1MB
MD5

c3da2390d81bfdeee691709027dd0642
SHA1

5eb2d035abc3f04db47bb2fac95d394712280dd7
SHA256

70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787
SHA512

f57ad2b1f7c153468376cb45826adb2b22441f975339309bd4d5d8ce79fe3b9129544158821cac63254bdaf7c6472b95f5d93c0f3d47ff689160247d86dd486c
SSDEEP

24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8auq2+b+HdiJUX:QTvC/MTQYxsWR7auq2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616230027547125"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4984	chrome.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 4984	4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe	82
PID 4576 wrote to memory of 4984	4576	70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe	82
PID 4984 wrote to memory of 5044	4984	chrome.exe	84
PID 4984 wrote to memory of 5044	4984	chrome.exe	84
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 4812	4984	chrome.exe	85
PID 4984 wrote to memory of 2616	4984	chrome.exe	86
PID 4984 wrote to memory of 2616	4984	chrome.exe	86
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87
PID 4984 wrote to memory of 2824	4984	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe
"C:\Users\Admin\AppData\Local\Temp\70793989c60fbdf7320ec7c3fabd876ba559da741fbebd4636fc9fc7bdc72787.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffbf8c5ab58,0x7ffbf8c5ab68,0x7ffbf8c5ab78
    3⤵
    PID:5044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:2
    3⤵
    PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:8
    3⤵
    PID:2616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:8
    3⤵
    PID:2824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:1
    3⤵
    PID:5040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:1
    3⤵
    PID:2716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2260 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:1
    3⤵
    PID:4264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:8
    3⤵
    PID:2396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:8
    3⤵
    PID:3588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:8
    3⤵
    PID:4316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1916,i,6916808695595643532,10458327800101869577,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4636

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2fe119b5d23e0f9667ec4f941df581eb

SHA1
3e6e80bfafa4e1b22f8b692068ebe8cc07d689ed

SHA256
ce8a22ded45ac1f5557e5a9f17e2608fa03aaebb1f38c722188dae2fa5f7ad53

SHA512
90d38e877f05bb7526a613059966793ad9cf708efe5ba1ccadd70d1d74fb398446ff8b6bbbcc382c7713e2be1dff6160597c5e5a8d8a7b6f0b3640a9256fb1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
39f290673ba6daa5873ab21665712868

SHA1
2d243e9d66dd458cbb5bdd4f8893250f0af1b3c3

SHA256
03cfc62aef49bc7fe4f89650f4a345e274a4064a1ee1fc717d7ea25fe235f68d

SHA512
b1896183306f098bd8a2cedbf18dbcce557e300b2a927e6f3bdc081d8c41d4f53cb5f5c56ba7f3c9cfdeb6949e51e245331439863620d9a6604bd95ca4245dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0b665a555d82872b625b499a2557b76a

SHA1
3b0ce5d21830b2ee3b373a985bfefd1af257768a

SHA256
634cb158e567fc1b9e365f15a669fc2c256c182dbfa0f2152264b18d413535e9

SHA512
406b5d8aeb369db3b75a0479f0c2f98f7ed77b34e1a6b26fb70aff6aaa95a5ad1e254e4317da974f4383236107d660b642e548b8238943d0e33ea4d67f1e1877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
a26504360cd429ed22a3c5008c9bd4a2

SHA1
faeb15a3fdb55d0c4ec32a4ef748dc14d77afc67

SHA256
cbda47c3cce055166dba2b0f747e5b1ef152c212d606046b605bbb747b8674fd

SHA512
3c88034c38e269ed212b72112acf17c92ca88d3818f9c402737374111430bebac9a4af1881d154b5033508381bac03a6e5d08a53de16c3e82b74214db78a1b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ed70f253f967513d5b31f5e96f67d76

SHA1
44be43664aba4d0966e9c3aa7a9fb96b704d3b55

SHA256
6f539db5c0e81b5b28f00eaaae96d2d1812576bf98434eaf3ae4733d6dbed459

SHA512
18a2c207e5fef2435163d67a115161381a8379c0e9eff9db0a5bba470904c29b34ea3068904a26fba5abd450820da2b746926fc73f79c9549da20e76128d88f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
27d4dbdacb9b703516c835bca614800a

SHA1
c4b8fd3325dc5760b6c9971c35d28d188f69002b

SHA256
18a3fe4c302eb0956aa7de13a68230347f6976b274c18b4c5bd56bdb15e2a699

SHA512
82775f82e4208f7b1bde6d9316e429742c0323e74c3dde174857fd65badb5bf05432c8c5c9187dae63877b86b7a91be138a0bed9ab7becce28cbec7e339720d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
53c0943e7218c8210708f5507453ec31

SHA1
afcffb35d4514a6868e490d2faa3b925d4150573

SHA256
de0a1dc9bee0c37ce1d33fe7b2aab3f3043544d41ba06bbeb8de7e716564105d

SHA512
3e468498a90423fd6fe23e9d2588522b5c3ace6f2cdc2dbf65f76c1a0dcbe9c5bc31179bf0f15011296fed8ac2326fbb509fbb85ddf5b4b015bb71aeec18618c

Download Submit