2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
Size

1.1MB
MD5

106f159ca958e493ee50efa2eda7c2b0
SHA1

48c829ac6380a69bc937d6e16ddf265930c7f86d
SHA256

2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3
SHA512

b813b0848b4ae893699998b34c20c8847424964cbdb7b5373f9dcee528109d0e3ec57ac1f765fbd3c1e8664927f2fbd8a4fb96d8644328a31f49d822f89f6cab
SSDEEP

24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8auR2+b+HdiJUu:QTvC/MTQYxsWR7auR2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645332215015088"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3628	chrome.exe
3628	chrome.exe
1504	chrome.exe
1504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe
Token: SeShutdownPrivilege	3628	chrome.exe
Token: SeCreatePagefilePrivilege	3628	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3628	chrome.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3628	chrome.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 3628	3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe	82
PID 3364 wrote to memory of 3628	3364	2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe	82
PID 3628 wrote to memory of 2608	3628	chrome.exe	84
PID 3628 wrote to memory of 2608	3628	chrome.exe	84
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 4312	3628	chrome.exe	85
PID 3628 wrote to memory of 3408	3628	chrome.exe	86
PID 3628 wrote to memory of 3408	3628	chrome.exe	86
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87
PID 3628 wrote to memory of 3904	3628	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe
"C:\Users\Admin\AppData\Local\Temp\2f2416e2da0cc0285622efc30dcced4cfc7bab2754cfffb8ff3e25e1423359b3.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbb5eab58,0x7ffcbb5eab68,0x7ffcbb5eab78
    3⤵
    PID:2608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:2
    3⤵
    PID:4312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:8
    3⤵
    PID:3408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:8
    3⤵
    PID:3904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:1
    3⤵
    PID:1792
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:1
    3⤵
    PID:4436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:8
    3⤵
    PID:5060
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4188 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:8
    3⤵
    PID:820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:8
    3⤵
    PID:1876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1916,i,3027111101513321296,13329917038180664237,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1504

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
81c940851417b0df8600c0d5e443c9f4

SHA1
85ff142ce1a3634595ed94d883a0dec0c0c0da16

SHA256
8763bf3d152f049a4fe7e66bb42d1ef8d0d3a84fc96567557f796e22c028a4bb

SHA512
f0f9717d4f562a5fcc9432c5e69bb552bc62bf063c7b91496227b0bc7847dfe8b64cb7679ba460a3b1f2d67f8e1f39b7179a27baf96ea9b2635a06752c6c5efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7a653793ff2f50561e82adf8146bae4b

SHA1
5b6c2f8fd3ae1f1dbe92fdc539a2709ad5c071a0

SHA256
7419923a27b31695c6d25c665cf278cd6e6d73b2cd395bbc79c1fffb729d6165

SHA512
e91abba8cae428e4a8c6d6ce82389a1c1b3d9490bf58136bf1901e3a5b0d3106dd39b7548601b30bf70085ce20546c244eae8cf47437c2f69e6e5288aed86f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b02db0bc3a4a03c7f590c78f73f1dcc

SHA1
0fa4a30de4ff5944d485d6c1b3434173a68df1a9

SHA256
d7c395454a3d8c37e6cf0fae9fb5aa1675e2d28be50c62af5c83f74b74bb0cb3

SHA512
a47dd800fc3543068f305ef4a02e5d7e7a5758bedfc36891fecef948190ff471ad268f6a29682a12b4820a24850ece1f892d1a6078854617e0f7340109f4449b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
fd15f3336a60574cd612b28cb74aa76f

SHA1
a9a9ab6eb1147ba8c1f8c7d003ad4d783a37dbbd

SHA256
80781aa3cb89f9895c21d4e9f1518bbcd204c2d39a53ed30bf19003e8f475c0c

SHA512
df3e2b84d26d006e99e69a04a8384ba08ddf618f669505a60a80a2c00b17e7592826e024be14a39ff856614f5597439845fba7279dbd1d2a51d00ffac75e31f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bce4a09522d1c8b91d7c605cbbdf62df

SHA1
e89e626eabc343cc3c4cb9040c18efd0763bcb33

SHA256
33d702a94034b380d743dcd1665cc1d6a922530dad26c5fc8b54a396d1019681

SHA512
efc06352df80355d54d539e0887d06ce3ced5eaf203afdff743041a2db4b030f879b0f6242f92f1fc3ce35fe84de7aaf15c80cd80afbd6f8fc2ebb3df0513335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6d569d7536cf3d3f9bd85c7cdfbdd1fd

SHA1
0558cc6b167e194fa2e36f61f2e6146ce909c1f3

SHA256
52118299785abfccb1b4c5969b7092643008705465ba7a567887e56cadcd0452

SHA512
38c77bf0c998315569a1dddcd17c3c4ca4dce685ef432f66c56d8580ae7c6e8812eee3f63db69c35bec74cd68da2acb581686c845f79e608d5a8bdacdafe7e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
a690aa69b3fcdd6b7864e05b36c63dd2

SHA1
d8dd64187ca56923074689a9a2198579c9c9b692

SHA256
77bf5cc9e025121294e84832b63c4b0a52015d2b3f2e681d09b458d2b69d94e7

SHA512
c821d3bdeaf5f2053f9301847863581cb483671fdfcc218387bef52fda6080e174e29396425f23615d0fb1888c1d88ef583c5cc042b787fb8b2857249b9cf21b

Download Submit