d1a3c162165f611f967b34601b3bab67633b94fc6dfcd70ff1591e9ae7b631e0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Usermode.exe
Size

1.3MB
MD5

8341318173e580405f529486c6c7c272
SHA1

ceebbbdc5cee63aa8e0c86c057d61ca025affcc5
SHA256

d1a3c162165f611f967b34601b3bab67633b94fc6dfcd70ff1591e9ae7b631e0
SHA512

b1ae6f04c9d910c45e378730df57e122945e8681b7ae07439ee3ace210f0c8c71ca9df1d4d03b663d856e840a32a9a9ceeb372e1e7edac841a26271f5f6ca2dc
SSDEEP

24576:5aTpb4mknNnXCMZu+3caswIOFM0AzLDA2MxumuoOZmwGUqmOiDJskY3jICn7JyDo:zQO60AzPA2VmT93S8ICn7JyDepSjBk8

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3124	Usermode.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133646770529828902"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2612	chrome.exe
2612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 384	2572	chrome.exe	89
PID 2572 wrote to memory of 384	2572	chrome.exe	89
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 1548	2572	chrome.exe	90
PID 2572 wrote to memory of 2428	2572	chrome.exe	91
PID 2572 wrote to memory of 2428	2572	chrome.exe	91
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92
PID 2572 wrote to memory of 2604	2572	chrome.exe	92

C:\Users\Admin\AppData\Local\Temp\Usermode.exe
"C:\Users\Admin\AppData\Local\Temp\Usermode.exe"
1⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0cc5ab58,0x7ffe0cc5ab68,0x7ffe0cc5ab78
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3600 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4744 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3292 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4324 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3252 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3240 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3496 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5416 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5040 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4768 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Users\Admin\Downloads\Usermode.exe
  "C:\Users\Admin\Downloads\Usermode.exe"
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5828 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5116 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5556 --field-trial-handle=1796,i,6963320672035425719,13265525536429494779,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
19KB

MD5
39b7e0d992290c41da06068bfbfc7c77

SHA1
f6a4d0d93047d6cadf48b2bb752f89bc9bbf6806

SHA256
92d3d1073c33cb7ee8711bde6ac3c519b2b5f0044e5a2582aba96b14ccfef01d

SHA512
c67131ea3093c9863d3c7dffc37cf54d4b17bee7abae3fda9195535bb8a736ab19115fdd14591c7fd1966014891f9b140b8763695a80207756bf01c534388a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
463c12151a7c837c2b7f6b3c8e89d141

SHA1
7b140d384cf70adcc1289584acddb5da9ff34f80

SHA256
29d19697e4fb1a48d5e6c5c8d69ac1a1019d2f77965396785ba59d0a549514ce

SHA512
df3596529e6cc83941b7e39dbaad5665c6d339a9df67afdfb05300acff15aef1feee0011bd55be5678616bcc6d12c804d2a2bf86be93ad3c85a89c23584ed65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8ee6850cfd5e140e1d9e47e73c0f1425

SHA1
4bc127d37cf0533dc001d0bdd1d9aba53031a492

SHA256
e2cf62df51ed99a08e2102259f935c84051b14014fb2d01811b1711de61fcaa6

SHA512
5defeea42b40a5eb75713b96f80129f6649db53ed34536f1ee9259e5186d38188db714ba91591ae9def4c01e2dbccc6fccf5a85cb49fb3ee721e7e74743c9d9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0903cf54a6c0d42cea409b3b5215193f

SHA1
f3c980cb7b69780cf3bf208837860856205dfef8

SHA256
a62fefe4eb53269c35e38fb89ac98c13b7ac59fc691b4e90cef9b79edbb0a42e

SHA512
fb6ea0a338eab3be620ae6d7e0eb7312ff1ed5f5d770f19d87122f31aaef312d30f0982dff9d6362925b1f2141bec99ba7eba2bec399649072f07510c8d551e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c47a5cb32d3b71cc2db11e18c9c3c2fe

SHA1
ab9b7a11cad896e157eb1cbeb4484db91d73ba14

SHA256
d8f5fbe249026b5d6e2af2ba4a3efa77fa9d71997dcf8bfeac71ea4185442dfd

SHA512
e3b7061b7ac6b5046d661d38db777e24aa6c63516afd9da95788bd81dfd4e2e6b5ea5501fd6070ed004db0b60054d16b78e8246549cdf363258614e669c4b718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a5bfd34dfa56c9014415819343c6b2d4

SHA1
8e8844f1cebd2d7d2bbfb5434191a66f3a1719ec

SHA256
941eaaba269605909718dfe063a0fe557c4ddcf10b8975fa05ae7153ffd3a9ee

SHA512
ddbb067aba0b3ba0affc33e1c6eadeb8e404781147950206ba90b1a12898a46bee0fdccd34ca5afe2d7ff3b76ec24981b9f49a46cabc9b346ff2acf68cbb27b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa10e3d925aff2ab595c14ceffc878c1

SHA1
9f0551b97ba5851acc86e30490bf47923666fa58

SHA256
ece0253eef5d9a9834473a3633ef2e47e5333549491dfe5825b65a600b8aea65

SHA512
b96cfd1cb50b61c1ec2445f6643e825c7315aff5186c52394216708b7086918d7fd039f85dbaf57e8eb79898ffd271e73916149e10cc9c418c0169b3e4d23593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c43ab31f9bf3bdd0069272ecb247d7b9

SHA1
c39db5c6ef18d2fa09b05615ee735d4da4bf9448

SHA256
b39de6ad36af0e5fa3e0009c694e40601849bc980557f1ed28bf8bca6cc982d1

SHA512
2f3f3dbee2a99c9d811fa1deae8eca0737ab1f44398cb49aebda24c13b32a1ea2e0db3511473051854bda555ed9d0ce2d9105e1d139011a01602830543a58704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dcbe75802597f054c4aa2c92051bb447

SHA1
8dd60e105eac6acf82525b7023b81feb1d4aa6ba

SHA256
976cace52b3604d17965e8f8754f3d9fca66ac8374f304ffd863981ad3067fdf

SHA512
e1cdd96b36257ba235f1acd9a00cb5e0edfa28ce573b8226c2b7db2628656191ee5fa8b05498cf868eb9dd2d1c85d3982b04e022b182c830f6a5e1e1681bdab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61416fa225c39606053f99f67958d435

SHA1
c7159d694156f2a8ad74f8310871f630dac1a4a8

SHA256
5a2dc897375f539e475af77b28c4ed5b1a62b53fe38e77f89afdf05ffc9f9ff1

SHA512
ca04ba1a90a2b3a35f625f9f9c849c632132790a31575138cbcbcb7257928db1b9a2e01347321e98c8c26f3862f0a33a69be2e98482f9a092651c96f88b0bb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0e173df2e5073098090f2732d1835ae6

SHA1
1ab6226cd5780b3fbce2056822a0790996254eed

SHA256
bf0cd3820759cabe91318a70891c8b9543e4e15df69eabb8e71d6e5a97371963

SHA512
13c2dc2215e472a34f7078a60fe7761492efd778b197c38833a8d030f202bb2f80e6f995f5e391e0a33383f2b6b858fdd92341513fb5d22cdf6070747f91259d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
392e4784deb13a604574a359e836c850

SHA1
d096d23a7dfefca3d92b4580d8f04ae7334a3a9e

SHA256
cafb1e6c1ad30b51728d6739511712c38014624af25f34a7e329e5a258a99172

SHA512
2326df66b962445750e9bcf7784f013783903bceb397c8713fa106dff2fcf1c0d196613ce2fba1fb07886067b992338be622ba7ce4f6c2caae8d439c375d6498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
073733494b29f6e3c97acd02d0b71001

SHA1
f02033a15bd84fa230d0260ca5b11f3f09ec2bac

SHA256
e91d245e15bac579fe27dc53a282f3450d77fba3e1fa155c75916ef92986a465

SHA512
345380722a10c70d0d1b33ff2592616fc4318c137d28ab68ef5a3b3fabc4931cfa945b499b3414e81280a26ba6322e26a459ab5479c6bd2ed5e3501d541392ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
01fb0563a0e1d052d58100c150b1f1f4

SHA1
c9021488e0ded6604ec5075c7dd0360e035e97ae

SHA256
31f443c72d7c5062d9b6d2fec3d6653be92ceb7ba259ade282cc0cd90392a825

SHA512
df6e349e74433fb8f10244d6d5ff5b45e48611a4ca2e37fa1ef8db616fd623b88660a365b36f38ee6b47d0ebbcd63445d88496165570d8833072c60341cf8beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7322f9587ff7588f7bf4f8760bbeb043

SHA1
79993c85e489f620a61b1c878ada953095b75db7

SHA256
21ef9c08abcaa893315f3e59088ac999b059a1bc963b3b84e82836dd3418132e

SHA512
b5d2bd458a8bfdd493728d2d3743b4a76c8eb654faf00be311c442d9f3b7714391fab7a8d27bde5d692388b7c9ff00ad70b238eb026704afe61d62d4a58d1a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1e12a760c35b459e4c681582e1974ddf

SHA1
9258ab1087b2565c46608706a39a6c42167d7e9d

SHA256
e8817a5378324473883fa2b69577cbad0532a11827c7de59e391c13ade3fb17e

SHA512
78e6882361273509bc47f240a07ed609823e9096974098b17198697502087271464fb3f8969e3bdcea26c6940e95022eadee636dee084ee8766d579b022fb18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
afa7da66e593fb95201fd577644b1e76

SHA1
305554ade6fe7f48a380d8cea7c7cd451e9a71c3

SHA256
4edec73766c36c48c94b0b978ff477dd409f681d4edda6934bc40a4e7f9cd491

SHA512
57e22be6ebc6668cd657974e40e65fcbf33096297f5f3954dca0ab21527316ca10c331fcdc73a7513ee05ae5c13beccf7853f2a91790ecd6d61bf5b0fcb22665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2ecff207d7b26ef7a5bf319e5d9ef18f

SHA1
807d423b01c9c49905bc1ee13b384a1df3ac3d95

SHA256
2237966af8b6f8d3d386fa78c5ced03837f9e8a89dadf776b472f676ab5ecf73

SHA512
3f1fe2c2840af6e81206025c5976895d9ab056deffb73f5df0a57ddacdd9a1a827d0ef4414b00ec7e2558a2d90aada703f70bd79c865805ac993c3e4befbab5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
0c60b79b2d33a614c34ed26a5ebed686

SHA1
4f2523f37a6b55a87932506a8583d9408d17dda4

SHA256
35616ffd918bb263bd0b80bbd19c49d929fd14d2706e467f5449c095b6bc894e

SHA512
7e7d289e1eb2d999cc677e6b715c6c2101b782306ec13c24aaca6308c971f3e6523eea1b2c7e965d9a371e7b53b037bd4e557d06b5f1ee24fb442eef29dcbb97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
c6e0204643e5643c7e260bacd14a39d3

SHA1
782af3c34a58d103283388939a0f6ac3358d3365

SHA256
50849d9d48f079d0a0f26688bbb9cd2658f1fd5af225c76c8ea5fc9913d04391

SHA512
cbe0424ec47d9a95428169c8a6295f1b1d6f7221d2e71355418f2de04844e6745029cefc43885b9f8f7143cb9b3edb95bc129d7cec775797aa9be6afc8e2a587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
1057f7885f958038269753a164d62a7c

SHA1
1616070b90a9e8c902027a21b8ec29c04539a259

SHA256
ba5310b62c57a1bcb46d0acfed5198e78fd5e52682fdaa631694ed591cd18fab

SHA512
35d2752ec08c7592609555dce894d33b12f535beedf8c9962799691c7a5df3aff63f6b40e2b9c50c5e4fd6b4c2df70ed14c38ed8bab36820c6529a10b9b6690c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
cd91c87cce75f77b8abd7cf47f35e365

SHA1
ddfe981d196123a6017f43f486e02f6bdf637302

SHA256
9e05e32165d15dd21dccd17153cd3099c453a78cdc3dcfb2eedaaaba4a94f9d8

SHA512
2c31b32c4841f8abd9c6a12385170cbaec06d1a210fd429932ef3eecfd16c6c9b663039cfc51927544bbcf659cb0ffd527a390fbfaf7372f1a2b3b06f7dd692e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584cd3.TMP

Filesize
88KB

MD5
24e11139ae03f67b3eba4e3994d6e23c

SHA1
cffbc204b67ff0a36bf92647d7bb236ad678f468

SHA256
d5f652a61ba880f3ffc00d68834819f66c246a9f3d7f407d33eef9db8f2308cc

SHA512
2f2e4a22ba249614e5bf6c1a31e519663311971a3dc0601c785acd5746cf464b11b991eabe1efbdfb1c824a499208b44dcb9aef07fbd0a645a15c8237288aaac

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 91226.crdownload

Filesize
1.3MB

MD5
8341318173e580405f529486c6c7c272

SHA1
ceebbbdc5cee63aa8e0c86c057d61ca025affcc5

SHA256
d1a3c162165f611f967b34601b3bab67633b94fc6dfcd70ff1591e9ae7b631e0

SHA512
b1ae6f04c9d910c45e378730df57e122945e8681b7ae07439ee3ace210f0c8c71ca9df1d4d03b663d856e840a32a9a9ceeb372e1e7edac841a26271f5f6ca2dc

Download Submit