940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
Size

1.1MB
MD5

873f3e93e3d987c2a20ce3e927517a0a
SHA1

b9e0adf82e9a0226fc0982beb76fc4bf86c6ea94
SHA256

940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0
SHA512

64e382ab718ea08dfdcd38f64c248841ad571b5b5e53eb20b5cc122584da1ed0c4ec119b42984a52f299536d1e87526da3dd6ceeb69e72d73cf7026e9eb85efa
SSDEEP

24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8aue2+b+HdiJUX:BTvC/MTQYxsWR7aue2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624279024677784"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{F6D1C425-D302-4031-8CD4-7BBE3FDB751B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe
Token: SeShutdownPrivilege	1504	chrome.exe
Token: SeCreatePagefilePrivilege	1504	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
1504	chrome.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
1504	chrome.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
1504	chrome.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 1504	2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe	80
PID 2604 wrote to memory of 1504	2604	940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe	80
PID 1504 wrote to memory of 3596	1504	chrome.exe	82
PID 1504 wrote to memory of 3596	1504	chrome.exe	82
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 4356	1504	chrome.exe	83
PID 1504 wrote to memory of 3992	1504	chrome.exe	84
PID 1504 wrote to memory of 3992	1504	chrome.exe	84
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85
PID 1504 wrote to memory of 2092	1504	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe
"C:\Users\Admin\AppData\Local\Temp\940a49027ab32f8588154af20b7475be711ef118c93a07c005e1e4c673ddc4f0.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe417ab58,0x7fffe417ab68,0x7fffe417ab78
    3⤵
    PID:3596
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:2
    3⤵
    PID:4356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    PID:3992
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    PID:2092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:1
    3⤵
    PID:4776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:1
    3⤵
    PID:1484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4232 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:1
    3⤵
    PID:1368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3292 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:1
    3⤵
    PID:1096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3280 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    PID:1300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:4960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    PID:2356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    PID:1084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:8
    3⤵
    PID:3432
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 --field-trial-handle=1956,i,10132804629355486020,8610559363189824279,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4548

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a22fa3393007fa532c7ed6fb5248afc1

SHA1
0e6a6878985d6529c8c72e3ca53f13005e85a1f9

SHA256
d1ad9aa20954973f4c856a2e34b59802685ca840e7351c7c69e41e3cd3468dd9

SHA512
3938474b221d245404001bb19afb4a4cde6d95ce931a845f650d0fa3c4076998f66f2fb0b4834070e73a2769d1e6a32123f9e025e666f3d4d55db9314c93daeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7b486eef-c2d7-48ec-8404-47fe38d7610b.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
867b39ee096e184cd5297e8d739d9519

SHA1
97a125cbb3ec935fc34801e7e710ba165f76faab

SHA256
98caffb6701c905d567b999082451fb5bd165a1932d876f0f1e9528ab593feb0

SHA512
a5308b169e7f124ce8317b7ebcb15fbaa2c09b6058c0ceb3501cb7f61279ab58ed088cbaa9aa86b5e9946d7f502616d8ba0d492d23ff18f1dad2278f503cff1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0c9c7c77c6f90e4b9681701d9687f6d7

SHA1
a453ad00e3b0aea1350bf43c6909596019d763b3

SHA256
3629335cf183741b74ea22d8506428f9f2fe8b0d84f4a266cef416d501d5697e

SHA512
950dc485bf48692cdabfe22001eed2b1dd2c28b9eddd84f02e224a5e61703b2d9cd70df70dbb0876d5cbca2e695e3ca9c6a10a1362d46d78f1cb1679dea9f5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d5f61a9e46c7e59fd5bf2cf3712be871

SHA1
c1f481dc2c1bc15acc039f336cdc4a46bafac0bf

SHA256
bd4f11d13a587cd8c84e06fb6c9fcc2afcc2ff8af52c705c4ba5d12ccd79eb34

SHA512
07342499eb9ba0060f2e04a433c67f2f83abe5c8f1facb691cb8f62ef3c5b3304a4c5dfca9f86bf4f65d2f90808f815534e3e69e53dd18944e420a0bb5d35e7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
eaf23b694f100c252956689ce88d7d0a

SHA1
87476a23117d1a704244ab8aa452d0f6c899a2ba

SHA256
42502d6028f8fc543b8c225bc0d5c58e3822da6a3b006a147643e45878391d60

SHA512
2c04549055339edbd11a1134d823a70c96d008c4d2588b27fb39073137a4b4fce9297b82dbfa8b1b0fe4d1dd8c323ece25638c0e74e1b691e13d8e8f504296d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
70dc4891310a2f830d5ea2889d4affc4

SHA1
cdbfae047f13f0baf7c72edcc6b1e2109ac27170

SHA256
90570895e9a45c641d63b35d1048d1ab586a098aa7c57421636a2de4405abec8

SHA512
e31cf7c557e3d9e2d12e9c583932f644bd13719c58d1786648b9765c0623ee3e1a9a8233bc1632af13d6a62e3e26ec5a59111fed410a2833f83a57be1e362292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
469fd7de678a71fbd3bc88957dc72abf

SHA1
84a765a41fc7d2cf7d9436db2b57c11ffad761b4

SHA256
44834141576c74c3f8b78bd9f289c1bf7932f07866130c44c82cfb2249f4e3b4

SHA512
4ca40d6ae3cf53358a75673fc1563f02ee1ee90892340f9798af0823050db7611bc5a9dc5ce62253581abf2f53ddb425fb5327e6ab3430594517847b87abdab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
45b93c0adb228985b137df9434f40f0d

SHA1
669bea708a46eff816bc5bcb4f61797028958e47

SHA256
85c40b4a6218fd1a0fdd94d2b7c0c95495529710d2432df8d838a626eef95846

SHA512
1b9179c111dfa2c2df889cd35ed2886de2c29f9f7e878b0138cefdcf1bae7d757e60008c51ea41dd9be619f7bcf227ce189f7d9f716f7855e21456ef117a2fac

Download Submit