hxxps://epddlm[.]bmc[.]com/bmc/epd/Products/product_25/538773/PANFT[.]9[.]0[.]21[.]002_windows_x86_64[.]exe?ein=538773&ersl=530181&pvsn=LPH3S[.]9[.]0[.]21&epdsid=09dec0e16542456788cdfea23a3e8ad2&ekn=&tab=PTCH_DL&method=HTTP&pvozic=&ekozic=&ddmsrid=PDD-038667&ext=[.]exe&_bmctk_=1682100359_7a5c994a2137b82f78dc5d14b4b6a568

Analysis

max time kernel
132s
max time network
129s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24/04/2023, 14:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://epddlm.bmc.com/bmc/epd/Products/product_25/538773/PANFT.9.0.21.002_windows_x86_64.exe?ein=538773&ersl=530181&pvsn=LPH3S.9.0.21&epdsid=09dec0e16542456788cdfea23a3e8ad2&ekn=&tab=PTCH_DL&method=HTTP&pvozic=&ekozic=&ddmsrid=PDD-038667&ext=.exe&_bmctk_=1682100359_7a5c994a2137b82f78dc5d14b4b6a568

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133268259810999546"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
4832	chrome.exe
4832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 3540	3508	chrome.exe	66
PID 3508 wrote to memory of 3540	3508	chrome.exe	66
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 68	3508	chrome.exe	69
PID 3508 wrote to memory of 3932	3508	chrome.exe	68
PID 3508 wrote to memory of 3932	3508	chrome.exe	68
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70
PID 3508 wrote to memory of 4576	3508	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://epddlm.bmc.com/bmc/epd/Products/product_25/538773/PANFT.9.0.21.002_windows_x86_64.exe?ein=538773&ersl=530181&pvsn=LPH3S.9.0.21&epdsid=09dec0e16542456788cdfea23a3e8ad2&ekn=&tab=PTCH_DL&method=HTTP&pvozic=&ekozic=&ddmsrid=PDD-038667&ext=.exe&_bmctk_=1682100359_7a5c994a2137b82f78dc5d14b4b6a568
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xcc,0xdc,0x7ffd45de9758,0x7ffd45de9768,0x7ffd45de9778
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:2
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4184 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4928 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5196 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4768 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4552 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5304 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 --field-trial-handle=1784,i,14319187490233129272,1589374574149624012,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
303KB

MD5
e49ecc27342d10803c4f58de75148b46

SHA1
5c21b9e3f0e3774e8503cd82151a9a4ed562ab95

SHA256
bbd10bf6994091337167d59b1b93b0b9189d145fbcb5df5d45e72d8f52d62372

SHA512
3066f5a122211574b7d216b5ec7b6dd212b0579af9e7368d6765f509d16eb7c79664d6945865a70ab025704fc4edb0e82d1e383ea1f6bdf298493ffad8d6bbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
65KB

MD5
a7b7e7918a12587fee69cc84717f74cc

SHA1
6d002c60853e5c94a48817fb947ac1b3d16f1b6e

SHA256
605b901bc776b2358a2ea914f06c9da0ce5b422b01f764f308c68e9a789ca3e3

SHA512
85b0c4cdc2e67f6125ce2abc45bb934ea14c0c1a27b9bccb9e1fea7638ca7680765c39e15ad64f00f1fe8568c9ea10a57e6f6d96a21c1d10a339991600b7dd2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
71KB

MD5
891434010f293cd572b1bb795ce33eb4

SHA1
c40d4c12c580d760605fd4e1129f0a39a0f360d7

SHA256
264633bea271a171036ff85bf6d8c4c0c4fbfe6be0c3898ed7b110eee48b259e

SHA512
f2e7dc6453c0cbd466caf3a4093afab8dba81c52e48ba98c2634d61417d49632d31a655e947dc29de8c605d712b1989eb8e61e7948f50d6051aab5def6ff2e22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
17KB

MD5
1303f48fedd6fbb7ce6df4f58964f431

SHA1
5790cebb1534c834cd7fdbc5eba83825f780ea61

SHA256
77f843bf9b5b741c2c46a3eff7f1d90a69760dd122df573018b44f6ba9e94e7d

SHA512
bf5f6bb85dabc1a8a2861ea24bcd8bb2ea0f1c05882982988ea43b3042b9e19e5c62180ae9e89002bb57f79a5dba9408af4b2c0942f02198e96948ae4a095470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7ee1c5a4b8279f99fdc4ee9d7c68de46

SHA1
7975e9dab7e3bf6dd926479698ce2a44ea6cb1cb

SHA256
51253f201ae9fb12b67846d9f99d3b65bd7f7f68ecaef375d35f418a95219f42

SHA512
a488b85997c8ba019c0071caedac0038f7fc45c199c77d1b29589c1d84f1a72d90dd0ed25e484011b311224c8337cb6dd22d1991f87c4eb15ead06da73ea87f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2be31c8c-2c91-4323-befb-54c794f0abdc.tmp

Filesize
371B

MD5
91b3bf12d408cf551ef9249cd9ecfe0f

SHA1
5acfc540abb5d24b881c522d8fa1bccfea964d78

SHA256
5fb4453849afd0f5f2da4d42d91490f4d5aef623e73d25cecb9aba841f0bc14a

SHA512
1e4052faee2e37aac58a8dc97361e707ebc1fbf38206968980cfae87991c2d56d1668cc6cedf247c8db23733690cf160af035ad49a30102a4fcadb774a1bb8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c108a7b796a97e69e98452440645a898

SHA1
5a970bc76918fcb2abbf18fe76519d77bf952be3

SHA256
2903c0bdab869066a3076a2cc47c6c59eacb88f29d6d3236b774e373435a170c

SHA512
f339f937093670ccec7623eff90fdb96d6015635d96a47380226d00cba9eb3e1485feb7aba8377fbc51ecc45ce883641029188931b1798497655f3ed434dffb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d1316e98e34e19bc24a1cf88dc327d56

SHA1
c6840ee043a9c66380fe6823d3a59b793127add0

SHA256
ef6b0e1a28cb909c14192e2e2d382fe3ac64dcc3da5c729d42aaf1295a1deb6f

SHA512
37940456f787d5115a1d30f0d59cf82521342167d8ce665a841873428a5f8f9410eee06a713caba4b0271ba034ec17f073318db0e3040660642e13954f8ce076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a4ba5d59596f4d95fbe8e5633fbabd91

SHA1
63a87a9d8afb81ce5d0c6012ab234008455bfcaf

SHA256
54ec542c71a9ce2b0bbca89fb24fb3535db44a032100bc89616ce4fe3127b224

SHA512
d20742073460d29824174f38c55c98cf5cbca7ba9bbb5c334ab6b37f19d6ff5a4969b886e7e4330ac16d7423b72eee6aa5f615df44a6bfddc37d8bd65ec48bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3e9e62d416591bda59317c4b4fab7b44

SHA1
ea39b0507dcbfef8bc6e1b5109e0c8c95ddcba07

SHA256
057aa6c337a3c9c3b6decd638f140c332139daf2e18de405a6c6879066022d5e

SHA512
628f8b8ded1d23b5cb2d54cbc9a9f04922db1abda2dc7279d63573ef2a7acb30fb5083f55148e17ecf9743cf270a0be586efe83f56956ddef9bfe58a617f058d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
061b6c3593dd02a67cb2a057219ae0ac

SHA1
5fa56d601674535de6686b5b936022d66aed0bbb

SHA256
787bbc3eeac2a215115b50fcd6f0a1c36f36135b178e6b2a16448dbb5460529c

SHA512
d97a4cc19ce4df20f91074f51b847ebb1121927372073d69c843655e975d58aa7fad176ba9f46f14d2cc269e34c51d6d471d02aa72c06b0d24cf147a834dc1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7dfc38ff7fbd2c3e93d1ddb9f561731f

SHA1
eae432ae20743c3b09df2068c861d46e7cb5fe43

SHA256
d477a7289fe7d1924f776671b45684f8de5158cb644c611c130a34430bd47c4f

SHA512
c3a2bc93aca107fa9bcf88d0bb3c30cd7635704bc4ac444c71fe9028576311de37dadf9aeed4333463808b1f7d9062eddc367b7e64492bae4959be62836a6912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
12d1d9a1ee532e50ee51212c4402af9f

SHA1
634d5800fdec524e1afa794f64a01c84a8292029

SHA256
2d7c892be54d881cf1b26c665e906e33ed2bacaa80bd85740ce89e2b54e23f90

SHA512
cd0383e6f5490cbed0bce76ec465c1d5f85c4828babe0cd29a9667536cdfab245209f0cb7189ee0dabc20c15414ae25aae2f8918110c63930590b46d68d94e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
49634e8d3f9ba7f6d5a41ece4d08fd21

SHA1
fe47c0bdf2b75c31fc4e325324db0b5c6359dcd8

SHA256
03e88d68e128a1336247edff42d051901b50de360247e755af44a460955d40f7

SHA512
b41120210ac1317545e14d40bb737e0c0e475209d54e391bb57f8feb9944926eb59e15385862d36644dbc139ce31279d0ed975ccbb45191b110da0c211c8074f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
094167579ef6cdd3e59e71681fdc3c57

SHA1
fdc1346c429ca6e69713302bb522f919e686d8db

SHA256
721e2ad287d5af61daa43192f4c658e9b9568a95aca63b736f2a28a4223569ae

SHA512
1da44e34ce537e8a1e21ed6bd3a2874bdd6f544edc93604f635a4482d244ad44f087beb793095b798ebf25a4574f3fa296834334b702e387a59dfff561b5d63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
118be8952610e70cfa80302e407ddd33

SHA1
d8da155d5c84abb565d1de52742c10b740dcab28

SHA256
b9bf766b59381df820ac500c2579539f689f06e85674a7e487f320fac31cc58f

SHA512
193beb3f9e2215c6b3894bb76a382f7667802e3278ea1202ac4f186a0c3d3ff5973e16f8962d37965e6f2dc5de1f86a7d3abe2e85e5395f688d87a56f4358727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3209b24bb07959d20765ad54e934b992

SHA1
501e59e11030e056595a42a600cbc9c631359c6d

SHA256
0dc6e7d8956f4374165287d452c0cee2260174260eeea65624453428c5274347

SHA512
46ec2af492a9789af88896c8722a43aeb08e78d8d2870a8d5f3eeb89c8bcbd39f58dc1d102f1794b780cbd28a50236a3e0c58aa6548e90979e9ef3883ff32f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea203bb4f181198b3fb6156ce4e22cec

SHA1
9a64b23cc14549521762702846044f9cb6048548

SHA256
aaf85485149b4c9cdbb48f02f8f81ac7f063123f78260c86378502bcb6b2f66d

SHA512
0468501138a0debae0a2c328c6d53cb4e4d40c14f0618f2c1d69c35c813fadb9d1308c098d1651fe8179b7e0dfb1555d7153cd807aa29509bd6b97855cf026ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
7dedfb5dafaf3781f2d3c6ea3580ba7d

SHA1
a6c900ae6cd162ee4632848feb409ab9607f3d42

SHA256
a3d00a436a9a227d7896b25660aa7cc0e4ca6840690406c65edf419874432695

SHA512
8b2b44c82e97402c6815240534c65de97bd0ddf84533e20bfbc2c0c9bf44366315c1fe2496d254dc3c88b9f226948326b90b77e387c2c110999be4e5f0503cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
4684fd1c84091ba52a2a16b7d64f024e

SHA1
129c5dc9f003b03cbed594037f963c698447d2d4

SHA256
efd71a38283857c415d8a1740435ab63005c0073d0c0b11e0f382d66322d2754

SHA512
6c0ea31a9f51c8b5409e69016cc7b6860c2644148b2f248b8f7fe90dec85725dc784c0a38c46d68c7afa2b2f8d4f2cbb729e79c34ec3868d270d3665e33024e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
8a65cb97658f551833e9361a04b4dff8

SHA1
9ac5e84190c1b11a735e53524544066c26763161

SHA256
8be1f3ad7fc60b8421ca8922992c752a6fef93dc4d4ec09622307e2c912ba380

SHA512
81625d5e62b78fde99f4efde2ff897f849e26c061aa3d8093321cf0c5e5ade6253b90b12e68f5e0abff1235fd3b43c5171f97cf0bcfa769784f591cdc15ff9af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
9a91b020933cb583154d8ce9d945894d

SHA1
314142b7074b52288a34c4db7a9abcb07978be90

SHA256
72ce22d64042bc00b83372874db9222bf7c86beb5d1a57d21e8151f259d5b7eb

SHA512
ba91b63118d1a8af22da5ebc565ad8dc1f4b9dc229869c0666f03c5e38fc18338d497b57e5430ee4168653381afa2d6cfb9a1e731b50892eddf1a0585567e04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
9745bda74fb61d7c792b65e7424458da

SHA1
6e9cfa90bfe367ce17a16ad4feabcd7fcea09de8

SHA256
04b73edd15f11ed8a0ef0bea4212d3021cccc798881db4c45bea29a1722c1932

SHA512
df8cf8d066ac87e6dbec57444b1f35f28845f1350a339421abcb51a5d9bff389a85f522bf400f088b8d41a1ba43361ae055b999830479fa6a4f2aa5195a1c5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bf0a.TMP

Filesize
93KB

MD5
0c85884354f6c894cca8ca503e2e2a43

SHA1
dd210599234cb279bea9122dda7a9a97ccea9af9

SHA256
90eea3649be8dd0c572ef095bf7ed2987ebb4a135a13a9477b1406b410a8c8f8

SHA512
6211e9460f1bdac6df1ceee9c5f44bf12fb7db3d378bd2f5e7bdfcd03a919cabd495f6904ac6b4341d93e3d5e9b5e465443150c2c50fcbbb402056691ed7e3e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit