1de458341eae15ac74b712b473492d669e03edf07114d080519e05d39f7b81a4

Resubmissions

04/07/2024, 17:35

240704-v51qyazgrr 3

04/07/2024, 17:33

240704-v4v43asepc 3

04/07/2024, 17:29

240704-v2rzmazfpr 8

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Res0luti0n.py
Size

21KB
MD5

fc94afada011ee92d7df9ad6bf1cbcac
SHA1

b786cf28ad131fb3217a210a1985a9cffaeb49fc
SHA256

1de458341eae15ac74b712b473492d669e03edf07114d080519e05d39f7b81a4
SHA512

235fa52216746871c2eac55537086d950b16c05d214db39c04744952d8908fc8930d2ebb2f8969729d3d0a6b60ff2575a0e31729015e4263755a4f3db69921bc
SSDEEP

384:zDycqrGHMac80GeLinexF3R/7MUeVpQ1l/BOiskG+EWPBhKdUoZIN5zZXzL/kqL1:wj/Zrs29plbDa3K

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645878138993676"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3724	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe
Token: SeShutdownPrivilege	1084	chrome.exe
Token: SeCreatePagefilePrivilege	1084	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe
3724	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 2204	1084	chrome.exe	98
PID 1084 wrote to memory of 2204	1084	chrome.exe	98
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3376	1084	chrome.exe	99
PID 1084 wrote to memory of 3452	1084	chrome.exe	100
PID 1084 wrote to memory of 3452	1084	chrome.exe	100
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101
PID 1084 wrote to memory of 4656	1084	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Res0luti0n.py
1⤵
- Modifies registry class
PID:4576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfa35ab58,0x7ffcfa35ab68,0x7ffcfa35ab78
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:2
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5060 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=844 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5040 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5116 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4432 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1312 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4692 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4432 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3016 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3344 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3056 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3040 --field-trial-handle=1904,i,3412891307104406830,5497830037580341824,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a2aa9e760f5b314ded9517f181ec5076

SHA1
ea3d207ddd129ebee27939ad4809d84df45a333c

SHA256
f5d3f696c3a86ff1cf7d1123867e2a23f8ac4ee14edc158aa3a781308068909e

SHA512
809c4cd26036768afa8a2e2a569514f7089dfb4f1c31cd448657dcef9e65d846ce63946f2e65c7de7294014f5464230492f4f25327e5ac52064d4e665fadb919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8bbb3e1bc466c0be1c7aabd7ed543a08

SHA1
dcb400eea790bb2336513ad44fc0099ab3d40d83

SHA256
32185a9cf75ab6cffb23856e0839c02ef3cd5e944c78cd7320e7576a0dc69414

SHA512
1b3340d22b75cf377b436415d10f2baf9216e1e7af5821f3fc9cadb82d5c726c82c60ffd94a3dfbcaf7f9770c61d4809cb693abda79a5351ad66b57717829d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
2f7fa82c166983cf1a836628f388a45c

SHA1
d6d2e1894f541143b95a54190febf65ec79f5550

SHA256
3963e7e8777a2cfec369226cdb5efdccb3ae81f61e568b65275cdef9bd9d8577

SHA512
69ab56084b9c085247a993d99d9655e13b38102e972fb5aa8b91781ea30b346b683046a066e674811c2252f34770f6189cdf5f77de20a2b26c61aa50e79a26ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
47ab813145625a1806006c2a933fb30c

SHA1
b4d9d8b05a7f2026a1d9fbb44fea055904da9be1

SHA256
bc09182b0e6c5616d8be32b7e212bb3f2b655acf53fe4a5fc7748af4739985ca

SHA512
785c23f7b68777dfe2e116368cab85bccd096ed10d0ece92497b8df93535482317fb09221c2b3b710b63698e979fa647b48d46190413455d869e91d7e9124779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e26c6068767b2d0d9463862d973ea94d

SHA1
fcf0dbcac9a9fdffdf6e52802ad6c5cb8591d38f

SHA256
9f8ac6fe37c4b94aa1923324f974a44f1078a8b8d47c5c40c83299e92a1bab24

SHA512
bf37eafbadd745f5b800e810d0f2c73fd71a7b622e6b7522d31f3fd511bc1addb5b0bf8e771d6103ca1d1a239f270defafa2f652ee324935cfe9bc6c552a7714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
112768037ef0570f249cfd381c9b9d06

SHA1
5cf42e25c836ea6889b6662392c9e7899baf1bd2

SHA256
81f98117fa5abb26929a2ff5c058a4954dfb85ca06ce17b117c9f6d95ac6560b

SHA512
b7c7cb81c190ac07b8db7a5a9430df0ecf62f2fa10bb0305af2707ba29a52d5bf437f0aeadf33748beef02e8380948dcda84efd47af9974bc45d52282a8afcb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
98df511d8d3b2486083f06795e4d5962

SHA1
e13ef0b035d53f97cbf73f4ffa39faf9dcbb9454

SHA256
c17a897cd722baebd4d0089fb1a36d0aa68d8f969e24b3772d5c444d47d8070f

SHA512
4c024a6cf5b8acce528522e85765a4877ce1c8c837c64875ede8a6c86692635cd4f71818d4c5e6fd45beaff890d4c115b11b15d10dadffd428d26e4f8bab81c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1bbcd0712474a5481333859d21f7bb91

SHA1
554d2f180f6d3c9de84308054b29663094c1ccd0

SHA256
d2e1244686355a6b37a075013d0e3e494dbf37876e7f8d31250813abe4cbd392

SHA512
5623e14916a6a3b261f614301a67e2af53a99ff349bf0a82c00d02b5d5fbfd30b07cb75fe8ab34d7a953b9c398d823a532fd02318f411a153817a85f7f08a378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2ba6e828e0c2d5c40fed90ece915f1e

SHA1
161ec5a96f5b996ef30d053aefc597a739b53ae9

SHA256
82a73625dece3e5d3485672d1619dc0157961c64b0ca2362f0a3bde76217f226

SHA512
af0bcfdee64d37c616d7e5a100946b647f1974d63a0bb7342bb4b5b8fa452da8fc69edb40bd2a0d84cc66a5b96f7e674b941dfbc8bd2d0a3e7c2493b92dc7519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dc0ecfe16cbbf5e6906fb75ad43a9880

SHA1
69b07e1a2b24f478c31a3cd303c6fd61b50c09ac

SHA256
3c2fb7e103e3276ecdee46cb8def08251f2ff407f426eb76f391666c24229a09

SHA512
f8541e0e9898118e82f607ab9bc05f2dbcd171cb4bf32aa37053f3178c77a673bcfe37ec55bc69081b77ee6a678a57a292678bc39c1bea7b414d33561e87def7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bb226d0b6e5759d920c80d5a9eef77b8

SHA1
ed6b5bda56f289ccfa128c0b70ec1d3d18fa2a20

SHA256
313273b46f67aa3b492076ef35462c1877b57607033337d6cc12cd2eced58f9b

SHA512
5a812c04cf4ef28d63902ab084553b0aa495f0e99aed6eea4980f542e1d159f161055ad0d33e23f5ca6249189b537e4c7fa40fb591be8608993e90618faae22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e017c7b07f5582187f65384eee06dff

SHA1
927598db5ab5f8e27f760b5d8514f573198d9785

SHA256
af6bd1d09aefde62a03050059286bb5e46a8fa9ca600c7a14c8421f8c0a3113c

SHA512
5da7fbc3ca886a9d1c40e8e32f3e03e895054439540e1eeb0992cfc1aa68bea269faf3e3ab6fb4b801a0e249ddc0859104367c622de329ea7e4f54e110c02234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e0fb52dc684e072cde343e33885c35f

SHA1
b645684fed8a73b8bddc8768e34a7724f45e990c

SHA256
4c9359461ed11b27587247d7c655d111e71d1bdafbec8f750db976a9de3f0b0b

SHA512
ddec903b5e4139db7fa4abcf43f65dfadbc0afa219d14c26887bd06a130067fc0f23f4f43036423948109c7e1831390e6791e6994423ccf5b81495cb96638385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c62419c9f6b00e552be9a746da6ec7eb

SHA1
3b176a133f11a912af9569311e70cab4e7efcf2e

SHA256
c16ce6817746ac376d385fd6f46be8b8475209efab83c33fa7a5e54135e160ff

SHA512
dc587b36778d5e0cd9d096c812c55c149909e2cc5f3cddbc4b541b9bd9bc7654cbb48c384c2cd131db747f2da696616ec0f1afefec6269ddf89cb719505bef7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
3fffb98621eb6334e83c51fda3edd404

SHA1
7ce111b638713ca8cdd0ba625dc999b2487ef822

SHA256
ac3a918adba93d0de3fc826341bc285e67f59c55c879b4384fb30595edffdfd9

SHA512
0dcf86d7e1915e058af9bc024cafb738311ad749dcf78804f66e75fe813fff67bfc047d39568d530c7df9ef02cdbac5d8c9389c1058a5c564c033ebe32c15f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
8b80400dedda989f6624b339b8c2219d

SHA1
f110bdd06ce6cd4d4558218a4d048091bbe694f7

SHA256
157acd2a4067b232f91c14eeae913fd8398517f7b8c16773a4aea16e18d23c10

SHA512
7268f69b1dd925f8887a9962bfc03a6b298bc7a51c32f144cebe692d0373b02765cc2b3a9802c3b6c1d35e55d4526d060ae13c6b4d4696c3ef2ee3a15d188a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cf32.TMP

Filesize
87KB

MD5
517d9ddaee484e33e122d27d403473fc

SHA1
0e8a707a531c968c3e0b73c927b5669aad1dbd9a

SHA256
7d2084f8ac5e73a8cdb75452f554fbe3ab68e0c748d9e4e7a8d91fb078a5d7d6

SHA512
6c5e0989cb75d09aebc8bb4bef5095b1669c30fc98343b905833facec128a734713579d804e1dda396e4de44d3e49a46f8ffc0db6c036e32341086e3c4b73a4f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 20694.crdownload

Filesize
25.5MB

MD5
f3df1be26cc7cbd8252ab5632b62d740

SHA1
3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4

SHA256
da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258

SHA512
2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89

Download Submit