hxxps://apkpure[.]com/google-play-store/com[.]android[.]vending/download

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apkpure.com/google-play-store/com.android.vending/download

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617290477656626"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
4832	chrome.exe
4832	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1572	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe
Token: SeShutdownPrivilege	1140	chrome.exe
Token: SeCreatePagefilePrivilege	1140	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe
1140	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe
1572	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 1216	1140	chrome.exe	85
PID 1140 wrote to memory of 1216	1140	chrome.exe	85
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 4476	1140	chrome.exe	86
PID 1140 wrote to memory of 1236	1140	chrome.exe	87
PID 1140 wrote to memory of 1236	1140	chrome.exe	87
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88
PID 1140 wrote to memory of 4660	1140	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://apkpure.com/google-play-store/com.android.vending/download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bed5ab58,0x7ff8bed5ab68,0x7ff8bed5ab78
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4344 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4832 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4412 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1588 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2760 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1912,i,524687175869538474,295202486160574443,131072 /prefetch:8
  2⤵
  PID:4880

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1572
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Google Play Store_41.2.21-23 [0] [PR] 636997666_APKPure.apk"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  PID:5024
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:3744
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7D970BE0097C26264A31D6DADF0D9B23 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3628
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C45115AC224DCDAB446A94EBCDD28B51 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C45115AC224DCDAB446A94EBCDD28B51 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:4576
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22D6DB26037192EA66E5A5DAE4D6D14A --mojo-platform-channel-handle=1864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4588
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C4E62264C5364DD0B4CF0BA4B4A41A57 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
442a404db6df84a4109cf5c5385db1be

SHA1
4d236e58247dd359536654ae406b904e2769b43e

SHA256
d3a3078302158b055617bac0b18f03bb0c01709c807b655a2236bfa2aa98546c

SHA512
d2821fea85584301a02ee1f6998fb31fb0e54a9f5a63ae2739d57c609c33de560465d7ecc0f333298370c6e568d7055024f9d2f1870728012a62502c21ab966f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_apkpure.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a444cf1cba48a443e904316bcee5e560

SHA1
6ed0b736ff4ae91b95435954aaf24aa61e100e8b

SHA256
7e3083407e66810a5e1e26cf58f85133d9dc366195fbb0931c62fef3e70f0749

SHA512
411e2a3705e759778a71135b1a5a5a91fc32dade3d5d7438dbe054082134fa995f550bcad9ce3929f4f8e7848bdeb8f7c64d3e175dd6eb6272ce1d1670f8cb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b4bbfd7cf2253900f550448fb5169a0f

SHA1
a78490794245cf897544b27d536353eee571bd21

SHA256
2888e381344de35fe4b9362af6e95b83f569f5d9c744ccdba94e1a3bd7ff76b5

SHA512
a56a80d82e086352d64bfde324bbfb3baad1de9bdc2aa4ccceb3c917639ff863f5efd5b6beeff03dc2168e3548cce204b9e65f4b00afdb6fe025aed032aab616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
17867dcf440021f79bb276d75cc43f17

SHA1
e15ed7b2d0674d0c9e95c5bdfb43160c0c528301

SHA256
11951b906498d1c2453b3823a14ec984603131ba9ca1fe691004025695ee6927

SHA512
955ea011bf991a436c2c001e86ab4a55564573b1a37f0c00103c749acaf24b1fd1d516ab3ef3b32ebfe4ed4da5215a9072382275c2c496ca5c188aebde804d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bfbdd8ac6f949660a90903e74d87d404

SHA1
507c0900a1e4c7c5d185028ceb676fbd686d505d

SHA256
2a9b796aa918de015304ab75079e6e7ff1604a4fb3894ca1eeb02beee7c15f5a

SHA512
d88f772dfcbf91467d2e7f9936b1b48ef7b66a7fac3cbf1bfe91b7acc20afa4e37d09291ae9242688c7ce31c89f10dd9efc111a8dd16a480160585a5829a33f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6fc2d365c968a5abf34189505c28d40b

SHA1
98bb854fe8c6d908f4215f34e8312d0255eabc51

SHA256
eb0fa34d74bd28d207166d3eaabbf13587afb8a40269e99aa6c2345bd9a8d98c

SHA512
5775b48b8a2d6acf2a1e870ee9bab8590fa10b4ec7e7c4978cd5adee1912070cc4838739419881a2be3c116358e34bff33bf3954473bf62e8fa2aabb3d7983de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6115b8a639f27cea571d73027c415874

SHA1
ecf56e57878487fc9a43a681bcbf2129d65bcde0

SHA256
d669676cbf93e6cb77a8fd387aacc70195144cb8c648a2887273b8072fdc39a7

SHA512
d92b7ca7fbe4f6e3dc7c4ba511518f7bad721bff826eac52cc5b5c2588a3f8bc41fb69ac56959f2e4224b9acf4f69d5cfc2f38d184334bfaa1c321e6582d07ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b268.TMP

Filesize
48B

MD5
8153942de4d4b8c590ce6ca813fc4ce2

SHA1
81a0f7dc687abe59741b8397d23f0a56b35cd373

SHA256
30351e7bf97a9f229ee75f7674ff2c5e17997d51b1333a5a43113cced9d5e137

SHA512
08203f257edccf57299575387bbda14f334f5f42e613390f5c6263767f6568243a5a5df1d356d63c33b0bb36e984f88935195a7b944658fe9f3e51373ea1c44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
0bcab85f84531886f2f0cbb3ff327b95

SHA1
e6886aa0cc6af320cb941df08f86e32c0c66aa31

SHA256
f5db3d97e4c88162ee451cff768bde9f8f9e8a5ecc958a0753605a62adb491a3

SHA512
2f6f261b49f3b2042fffed302265b61cfad8a824f66b60309ee18532ed67a6595630ff0e233f76a4211cdbe2b4d124bbe411c0a61fbabf24a4a2cb6d6e7e35c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
5c45fdb17e72d6f0b855f7460c7c1a61

SHA1
8bd042cc0959c7b51d58ecd4cfe05285800aff2c

SHA256
c35056364b04e70139a6a46aa9fb9f8cc94a15925556b30d8abe9e87a6163d6b

SHA512
ba1eacf1bc3958b9ac4b452fdd1998825f4a119affa3893fde1a1885c28f3b44823bed5804f59b5840ee8fbd6825eb0e137a670cfadb0c7a8139b58d8f77d1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a43a2.TMP

Filesize
96KB

MD5
1914cd4c08b9868f28c652499335ff92

SHA1
20d8907bb0a39afa8856cebcf876ef3545bbb330

SHA256
ad507736955696a1be9f754c3e962c6f1bcc73d9346e41c9286579ae9256a92b

SHA512
96f42d74749204b4384381d01560a3073c6ddb4f46c3f2a2045c645d262022cc8f171302d31c0fa61875e9f732609ceec801c25a0f69b6c955374b8ac9a220a7

Download Submit