1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
Size

1.1MB
MD5

08adf93a86b983edaee843e01f85fddb
SHA1

1647634a1bdf17e3944046992f03e52ccbbc9f7c
SHA256

1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e
SHA512

60d37930bf6845cea06eaa3d7a48b97d17ff2b24cc8725814b4aae9ce2de2fd5964e690489b8e9f9126bb57b685191bb922640a4d6c123d9749845075224ae0e
SSDEEP

24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8auh2+b+HdiJUX:WTvC/MTQYxsWR7auh2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000\Control Panel\International\Geo\Nation	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
3896	chrome.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 3896	4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe	83
PID 4148 wrote to memory of 3896	4148	1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe	83
PID 3896 wrote to memory of 4204	3896	chrome.exe	85
PID 3896 wrote to memory of 4204	3896	chrome.exe	85
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3632	3896	chrome.exe	86
PID 3896 wrote to memory of 3340	3896	chrome.exe	87
PID 3896 wrote to memory of 3340	3896	chrome.exe	87
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88
PID 3896 wrote to memory of 1940	3896	chrome.exe	88

C:\Users\Admin\AppData\Local\Temp\1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe
"C:\Users\Admin\AppData\Local\Temp\1ef265a69a824b0ad8781771c35265868c58e56264461d74e825ef473c57161e.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1a3bab58,0x7fff1a3bab68,0x7fff1a3bab78
    3⤵
    PID:4204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:2
    3⤵
    PID:3632
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:8
    3⤵
    PID:3340
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:8
    3⤵
    PID:1940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:1
    3⤵
    PID:3792
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:1
    3⤵
    PID:1988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:1
    3⤵
    PID:3356
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:8
    3⤵
    PID:4908
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:8
    3⤵
    PID:2804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:8
    3⤵
    PID:4116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1968,i,2626370356905962792,3830058672526653748,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4404

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
ec1ba3de7357b721fc9340af8a260a76

SHA1
9cb13312db969c8ef4f9ec4a02580b008b6beeca

SHA256
3ea24136135a9649586b219fa2325463b18553f7fc3f36c78114e012dae4eacf

SHA512
f89ce78f153085948256a579282c897cd88ed03ec7559a47a94cc550a51d9261e5e2d10c3d463c24fb1d022066a96eeb605619b2b3d3185b90f4b70d10b455cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4cc74c507adf6d244e0137ac27e1028f

SHA1
424adb93dbb144ea5dcd0613cc1c4146b4fe139d

SHA256
a1aa16af7418a6eb3f8e10f2984e42c8b2f04497e2117a441f915c8adb63bfd8

SHA512
87cd4df739fd56bfc39c2cc5f7036b443609f380d16ca218a4a30c8fe5c7216e17819f4727e21b89bce03bdda1cee26c9e2065973d80cad8e31c53d7a672100b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
64dd210c4c5a58b7d68f6d9a76ea4c85

SHA1
ac5b929c8993f97d6bd381f56c6ce896c49bd51e

SHA256
e96ba177525667dd450610570d0ea12a3351d0d89b55cf065f09681a9b7d8090

SHA512
5ee22f96ac63fce31b98e76afe76db56c51c8b0ea412c527fb877a57b1ed64b410b16d09097476be99dc5a43e3ef7f89274122da8c6009706dd9eb8212db8a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
a6d7c738152b47901b383de95280e2f4

SHA1
ddf896430cd6ebdf5fa16354eaace7ad14c9457c

SHA256
55c11305ef13f19d7682245712b392332c4d71e4f979dcdfa6054882d1310969

SHA512
4cc0f29fc65f8abc26e2cf791076955cd2ad6484f685294ef70219ba479e68b8bf681bd6e4c80ee3a2539b2af868ce0b59b3d5374b3e1d661f4f9d43cc296a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e08714dbb7cfcfe186cca52f7723075

SHA1
07e4aafeb714413983691c532c5fbbc6376a82ed

SHA256
760238f7d2ecc16b0386d5e929b3bc1cd2847c0b790298c2ae8e132b1e34b7ce

SHA512
95fef59b0b911d13b0ba76056721e7cc27d6ce2b8c683833547daa2bd74fa23069edda3d6730bf18457c2f60ba9c0f87526d723862afdda0591a91b1f6a7a45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
4ffb43e2ca645afc16232929ef730f48

SHA1
99a24a74cd13903ae79207984c58ca3fa261af7b

SHA256
4a8e383bf9b91b8b9c4375bb736850deaa3e9ed332ab74c48de194ca9f07c827

SHA512
866c627b4c47b02010470c1a5de58294e7804d81d3ce44afdeb7bc5c4cc76cde29a6035409f3d0fffd131650472aaeac2b79af1b7c032d54b00f8643ac061d48

Download Submit