c255be4723bbbc4d9067e871bb77f5c9a07655565d18b97127eb22c22e543993

Analysis

max time kernel
135s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2023 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download (100).jpg
Size

4KB
MD5

d486f6737172ac0755cf896180e5d289
SHA1

69c7390c19619af0287fcf3c36fe33c466e9f5e5
SHA256

c255be4723bbbc4d9067e871bb77f5c9a07655565d18b97127eb22c22e543993
SHA512

6dde62a047411f49c2476298a2e86275f421576b2a86b03c04ca238517f336dec4a6b165c0db8966f422fe08373b3322dc3cdde9c019323f8f2bb84123a49552
SSDEEP

96:OE1pKpBkvh9+xAPaNZ1ep93nwu4HRJtVjL4OZXfQUbbi:a6h9hPaNzep9gu4Hnj8kvQUbbi

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133276950699745879"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe
Token: SeShutdownPrivilege	1528	chrome.exe
Token: SeCreatePagefilePrivilege	1528	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 220	1528	chrome.exe	86
PID 1528 wrote to memory of 220	1528	chrome.exe	86
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 4740	1528	chrome.exe	87
PID 1528 wrote to memory of 2936	1528	chrome.exe	88
PID 1528 wrote to memory of 2936	1528	chrome.exe	88
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89
PID 1528 wrote to memory of 4684	1528	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\download (100).jpg"
1⤵
PID:636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba00d9758,0x7ffba00d9768,0x7ffba00d9778
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:2
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4948 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5196 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5232 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4304 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5708 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1816,i,16126619918886692187,12820382194519327055,131072 /prefetch:8
  2⤵
  PID:4568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b1a7d6da7bd19914b5a001aa53d234ea

SHA1
3e5981f7690eebd6ba7d1e30956deb13ec8151cf

SHA256
f5e1c2b98dedf95821d0adc5b5dd0650854a7f3ab5bb2cf26814b4704bbbb649

SHA512
af784e0e32c325a905c228081f84d8398cc9debb58f93de4ed259a2b93b0833503ec15d02e0f8c2aa59419974ceba9be165474610d192a12f28802238fb3542d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
35d75444d56122beef0750705adc89bf

SHA1
dc349c3aedf5ce55ac335586f50f6a2a970c42ab

SHA256
0675d75cd187822c263b662f173760c5a4e531982820fb6fd27cdaa9f11f6426

SHA512
846fc72516a16e49cbd35236e80e7248a3f8f050ca027e005ac1a37c14038828bb2c85fa3e899b593516ee4dc902c718bde4460b765770614d314fa05bcf7e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b06b35f2f0f5098af413d7363dd27f2c

SHA1
a90e960fcd0770415e9ada31f5a8c4c836c793a9

SHA256
ca38dde48c1ffe751c846a4abc379fe211858b4d9812dcde1b5c30a4a3f0676f

SHA512
a494df58c8588537e961f1248b164124f4b203b688e8094466094368a0c30c2992257adb7488c1c1214f22343f5d26342ab7033f8ec6ed7b134476139b8a5a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
94d3e64aa2b389ef41a0f3b3e0d8fc53

SHA1
1fff73911a0548c174582ae9be4f38fbbbea0982

SHA256
46a2ddd8642affe6abd05fe6914b777047508df65d488e1b61baabed16345901

SHA512
6cd0c10027f0e4a519d0b9b812ab2244047f51092506926163d21d6ca24f012ad86d6d1070fb5b9396b83640f3ba4ff674374424ee5bbb9df01328e26db263af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
327292814df1e4b8ec085c114030a8a6

SHA1
f6fcac67e21a050196be99189e695d20b170ea82

SHA256
de87aceec40fd01c5e1bf6bf1403182bea00ce4ae2b313d0d4e1dde3bdae1769

SHA512
07787c83db9fb9eef9c3b35df0112a75de0d8646f8fbb9c50a2787decb059fdf59de2735ad591c9bc4a53fe39a07371b2092958dff4186981f557fe92def93e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
401b2604ae3bf767d0959aaa3ee8e73d

SHA1
986479fea7bee24948e56a3161f8f545c375be29

SHA256
52337d7435ac90e2cd7344d1743643bbbd00b9e756f0fca559443db62dfc9dc2

SHA512
db2fba2decbd3c408f0d8056292bbedd7c6c0e6416b6c9695d5104f0b9ee6eff45f204a40aaf7f42dd46496dca5a0ba568465aac85ab9f0dadc8249efb59e472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28e7a532a9e347ee0656b31ec6e2a22b

SHA1
7b69aef879403465ec011ad284f10349d383fde4

SHA256
b732a18901605677c677b3eb89c3219ad017f0c7ff54587e5f9abf391424e591

SHA512
2fb094837d62de653e4328cb76937cddecfc5db0bc9a1c0bd7757eebbeea7e3b6275e3daa66d7f1b39656c3653b05f9e542909482217965bf933f900e956b210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b55153165f5b3959c80f4a3c1b374c0d

SHA1
69bd5b3b184d9598cd03272eb937bf9bd120d18d

SHA256
948732088583ea3848915d6f2ea3bc4a7a6776616484afb1920b81bf4bfa7919

SHA512
40be88732237368e4eeacef3a69eb807143c2b965a4ae52a1e0049832c51a4afca72b3e56c372621d6e6c98e156555513a98050bf5e441952c6f91c4bfa6f064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
15378cb862ea62cf41f495b9895f5f6d

SHA1
1fd781b450a3bd6fa59f1f5043aa1cdc26ffa84c

SHA256
45f73e28ab163a9b71ec6adf4c4c29967f5440567e4c7b97cb9b8490b98f7a24

SHA512
8eb979894cd5506e7cc9fdfe9565b3ded60f4eba9c024f66fa8afdf9225b3b1dd341b2c0d6fdc7c63ae706222d2bdfc39253fe0f4fc039b43bb35555ea0ff3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fe74bae06ff399fcc007c642ad4465a7

SHA1
9635e28513874bde9e2b356326bdb8b9698d2c9f

SHA256
b05253722aee333bb324fa947a845c12197a966a8fbda8fb5b50c82359773399

SHA512
03c15e28b4ba260e1382e089e1357439219e1d7a4703dd95b8acb6d024ea84c6606021f79acf7a6c2601e6cd7a5465bcb3f0754cb407dc753434c3f7d9695560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
72380de7eafe91666887c2afdfe5d2be

SHA1
b8151632f0283c83cc172fd25d9e5e661c5c645d

SHA256
57bdf244888e50e48ddc97294c1fdccdf531be6b77ccb0741820c7a5ca17a0ff

SHA512
2f786583cb160995497979f1ddf48c9945b6579142c5f8feb17afe36580db0fb8a374aef0a2d961e0e176ff2706ebbff372e7e053df0c5de2a1f48c512ec1819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577f32.TMP

Filesize
120B

MD5
cffd97be96d57c4213be82f8d65536a6

SHA1
baac1fba8697743abea39af579f1d903b93e84ed

SHA256
05320c2cbf23e1ed6f3498c4e7548b812ba8c0b78c542c3fd99b4ed160c5535e

SHA512
9b64fbb6545bc11a3ae59de81207bb7c429f08fc8e0913563e1006c805282b20355e48149b6c7d95fe136bbd828c5c499a748958bb8e42bc47dbab784d680ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
6d96b49c912795c932aee1ff89bc4290

SHA1
ddfa27a4d93c7edc425b60ac7f0584ff21d55da7

SHA256
deb7faf83681506c501dc64b9c538b29f1ce2ed0fc0b7870bec15c8ec7223dfc

SHA512
e8826df69f7b8feeb8f97a8ba4e278783cd081e95a1ccee63ec8019a5863a32724527a771c4f0231374270b76407e5c64f74a69cd112b34cafa74763068915b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
4e2b7f2ac0d8a4d2bfab7da8a840d44e

SHA1
4b167260eabe34abaaae61607221554f8787cdc7

SHA256
dd66f307bc79fc4f87faedcaecbac1f47aa56a25a2a244e4992c3a46cd71cf70

SHA512
17d88cded0093342095bd4e1edffccebc3c6257156028a2a76071e905f2a1e9f7a4d301fd534717c0dad5d44f64115be29b47253ffcf9287221a2b0f7b49530b

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit