686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2023, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771.exe
Size

3.3MB
MD5

38b258c567b378058ac5cad63ab59584
SHA1

4ff45b549c8f26558a23adddb599bf6293926301
SHA256

686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771
SHA512

318ce130603db3ba327a1c1082bc23639082aac1b32d09d08fdea5507ef24a179822e9f0500328131dd44191b5ea59c079b386ce0f6c56399a714028ac87644e
SSDEEP

98304:jgYLkFZCB1bZZ68WY2V0FR0NupgokfAGzeV77+tl:jgYLkFZCB1bZZ68WY2Vz8ppkfhzet+r

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aphallgmabiddiomhodlhodgoccpmmdl\1.49.1_0\manifest.json	chrome.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	chrome.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
34	ip-api.com

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1540	chrome.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133304956016819541"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	448	686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe
Token: SeCreatePagefilePrivilege	1540	chrome.exe
Token: SeShutdownPrivilege	1540	chrome.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
448	686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771.exe
1540	chrome.exe
1540	chrome.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
448	686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1080	1540	chrome.exe	86
PID 1540 wrote to memory of 1080	1540	chrome.exe	86
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 1148	1540	chrome.exe	87
PID 1540 wrote to memory of 224	1540	chrome.exe	88
PID 1540 wrote to memory of 224	1540	chrome.exe	88
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89
PID 1540 wrote to memory of 4552	1540	chrome.exe	89

C:\Users\Admin\AppData\Local\Temp\686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771.exe
"C:\Users\Admin\AppData\Local\Temp\686495bd2f04f2402b3543efd574a707caac0003dd682909db87da286173e771.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-first-run --no-default-browser-check --noerrdialogs --disable-backgrounding-occluded-windows --disable-background-timer-throttling --disable-background-networking --disable-extensions-http-throttling --disable-renderer-backgrounding --disable-audio-output --disable-breakpad --disable-sync --silent-launch --restore-last-session --ran-launcher --profile-directory="Default"
1⤵
- Adds Run key to start application
- Drops Chrome extension
- Enumerates connected drives
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffade149758,0x7ffade149768,0x7ffade149778
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-breakpad --noerrdialogs --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=2240 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-extensions-http-throttling --disable-background-timer-throttling --disable-breakpad --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3524 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-extensions-http-throttling --first-renderer-process --disable-background-timer-throttling --disable-breakpad --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3492 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-extensions-http-throttling --disable-background-timer-throttling --disable-breakpad --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=4536 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=4816 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=4992 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=5068 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=4804 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=5296 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=5280 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=5184 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-audio-output --noerrdialogs --mojo-platform-channel-handle=5036 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-extensions-http-throttling --disable-background-timer-throttling --disable-breakpad --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5412 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --noerrdialogs --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-extensions-http-throttling --disable-background-timer-throttling --disable-breakpad --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3116 --field-trial-handle=1824,i,17859802661114967694,1587670274692962509,131072 /prefetch:1
  2⤵
  PID:988

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e6b8dc54cf390b9b9ee7ac8567e5f806

SHA1
09fb0574ab4f2fd5b8f9dcc49800b5d658bdf1c3

SHA256
075b0d64d694894f27c20d17bd0e5856491e9339da075485f48183eef9de9565

SHA512
6cc3bd60d9da8be8be859086f22056c5b91597b59b5a085520a37e53b924a169a499251e3d0611863e9c6232fd24608d6e59fa6dcd7f7fb1480c175088cf2ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1540_1143492783\CRX_INSTALL\background.js

Filesize
373KB

MD5
40d8b7d8f70e44409356a8c5db547ceb

SHA1
cf6618bdcf95edbf2234d1f59b8365956556ac44

SHA256
47928db7eaf85ef1c9ca43273b18ff128c926f8bb3d459982c95badac918c44c

SHA512
e480f352f74eeb3346076bfeb50329efc572ab2763d9efcca9528f40042160f9088084b3a8e1d6eebd2a4ae8a170bc73e39da19cabb98436ade5cbc081fba4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1540_1143492783\CRX_INSTALL\fingerprint.js

Filesize
33KB

MD5
9562f552ed1f71fb3da0af67c910ade4

SHA1
fbf44b938353ec9165c3fc9ed2f9729429437e57

SHA256
73b7a724b6c3a9889176c545e233b490ce227111d2e3b80c3648a5606cb07098

SHA512
9588540186cf9c6d2bdca345220228e64930e70c1d3daf3a68ee266fe78116cd590aefd6455e449bbfca7d4cacd7f23e32bcf812865b697cd63647f7c47d2497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1540_1143492783\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
8bf262ceb6f837e3ead8952d9a17dd41

SHA1
405a3ce0df24d7e65c4106cc78a21481f52e5725

SHA256
09758227f462047c225f38e2df86406326763d398be974b036ba8325f9c983f2

SHA512
1e5f29862ba9700dcfd8876cd92e077c4fdef6665fe4cd789ccf3fa47130d5008ba2b127ba9ed1b330a87ee2a068c78a48c051a8d44d4a89b43954dda60a21e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir1540_1143492783\CRX_INSTALL\tab_listener.js

Filesize
52KB

MD5
2a426a81d6667195db88fec3956382d0

SHA1
a8efea0ccf7526b14e90fa59370f2392f865dc62

SHA256
7c7f3a9f095e2ad2371dc936f3c0abdc98750492f53313b595381653f28c02a7

SHA512
3f6ea5ad375fc7805d45dc70ac2f47dfc9100878c0abc672ac070cc769a230d01843e67d6d5d3bba2f8be9a1ab738d7843e91ee561074fdf2e88ce7b93557980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aphallgmabiddiomhodlhodgoccpmmdl\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1013B

MD5
ac96f0462d2bd26e37c223f1b2111525

SHA1
66f6504feac78af01ee1a9be824a115338a1937b

SHA256
40f511339bde0038f9fbe2c2767f7b387cb05aad1a92e5cd1aab60a7b3f8790c

SHA512
805e9c295042dbd454b8e996d80ceb0154a66253a107835f2befa8dd501d9390842133fa2d01b8cdd5786fb53face863db3dbd19c2ecd24aa97cf310c88aa383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
642cd8f083a3d02fd5a84eaf78d3d916

SHA1
b7dcd87225a95012eded80938bdb0da69e2579c5

SHA256
d78b88ad4ac32eaa2728d18d2318106c79051631c5891cfd607aef8f5e7b43da

SHA512
a2659a68bdd36d2696b89221c72f323e4d2c0ef883082d9d774c73001df9fed072a638c53e6cd7ae547fdd81ea5da4b9f828490be47a42651e32829e6317a64f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
44981314a32791d7154ef301ca533288

SHA1
379944c8842cf66736c101707798e10db23bcc6a

SHA256
370a947d9ac613125b42ed54dfcff1e8f4739b99acaccad6f16665fbe978d35a

SHA512
26b09783041dbecba992d23b6b6330975e88a10dc752769dfd312881e9367e0ad048d7b054cb0d36ffb853de35c15a59fcb36d7f2300deb4862ca25233c34a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7796a6a38218d99c687231c9c1192765

SHA1
68f1d600346cb14ea9ef7b2ab84698d667a81cd7

SHA256
3ac62b0d2f11d7999ccd345a91396658fe88c3cf05088a2b49f7ea8fef42de6f

SHA512
5a8f2d6f403ca10fd2d68fbb4e45009511a42acb8a63a61059b5c05c38df58bdd021bf389faa9128bf33912b5fec5d7a3136d9b042d7c82178a76a1b8fa13c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f55e09870580dd902b60cee4d3188cbc

SHA1
c53c30590f77088e8d7d678a277400c374b1b792

SHA256
ec5b3437604901f5aea16c737a8eb125e27efd368d740fc2acf6626bcdde02ab

SHA512
86283453fd420634f8af839a6a01f95d6b69674944e4d1d46a5f160f0a06ba4a1ca6f06cfc96717741d6f9ffe62f4c2a8384c0eaef89199e9ea7b2efbb9d23e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f5a6de36f1e0e45360e651e94f8b585c

SHA1
33edd20bb673a5e2c965cfbb2e08808c493c1eaa

SHA256
bac878aae604a452991ba3ce1d3cbd1310c832d70d4c2c75eee2cdcf5e4891a6

SHA512
cf3a0e89509b5d612e02fc429e99389e2cf514423b45d8564fc8a3994eaf54826f6936c3677a558560b1a677b1b24ab5147b42f84a4ae929789d39a921bfd602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
ef08c90e77f39493705b520ea7e0a79d

SHA1
31b42aaebdfe3335340b1b4542930cc65bf1ddce

SHA256
ea1c4fd26d61002cc09cd6e86706def21d6d33095b17e91e72a80b7f8b1330e4

SHA512
4a5eec0ce859a6e5d2e7812b01b35e8d8cbf865fc84ad8696f3143a375e8ef6490d11563c28d8ff5a5d06a1d80bfecced85ab4b330f9c753ee254f4dfdb7b4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1cf3e9f383e17d9036b6bfaa07c9241b

SHA1
6a32cfad4ade0ea426df548511b56d7ff0d297d1

SHA256
d12055b9f4d6d6c825171b5f9630b008dd37e2286b681affefc810d067e32eeb

SHA512
9e8984cccaccab4d09c1b521309fd7e8c0b186dec7f47d765667e4c7100f36853fa7fcbbf597e2ecf7516eadf344e9effb4bac7afcbbeb1e637f640ac89ad115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe573bc1.TMP

Filesize
72B

MD5
6d6561a5bf6c82e5870d185b0456cf52

SHA1
655dfd67bb06245a19227581517740b27ab92f47

SHA256
d9bf47e09ab0626ae4c6382fadfc09331801fd0c35db4f074e63198caa31c62f

SHA512
290254d1e8de549d56039fe5b7fe66dcfa2ee7af28d80a0c8764cc562d0d61eb569ebb6c40119bc1cecdf110bf7cb3a6c31d29dba3212dd77e34c17def31237d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
dcc1fbc182a938523be5874d303c5f89

SHA1
545e76f85ab0ff3f4839d63433906509484b2646

SHA256
8e857e8b522a2e7f0e702ae6b538ae8ef0987182611b275ef8aca264d2568399

SHA512
a7f304bcae1254977b05587d40449cb9c06701c4acff172c04cefadd3ee979e9777ebcba69ee0b83117b739d35e42f6ee364e1c48683604aa309c67e08697f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f977f674883846f0705b6a27fea56334

SHA1
4783829de99b84204581c5876c2a2298f4520abd

SHA256
c8fd41fbe7dc079b8b50e240f7888d38f6032ee15740471d3d7209501d36aa43

SHA512
fd98ca4ac732da4d09666339cefa0cfac02db445b6a2dd18c8d6fc7cc7c576ed8ffbd0000c658c3b2c828c2d79c5809b44fa8f8b50dcb79fe934feb55fd5225e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1540_1200787505\CRX_INSTALL\128.png

Filesize
4KB

MD5
913064adaaa4c4fa2a9d011b66b33183

SHA1
99ea751ac2597a080706c690612aeeee43161fc1

SHA256
afb4ce8882ef7ae80976eba7d87f6e07fcddc8e9e84747e8d747d1e996dea8eb

SHA512
162bf69b1ad5122c6154c111816e4b87a8222e6994a72743ed5382d571d293e1467a2ed2fc6cc27789b644943cf617a56da530b6a6142680c5b2497579a632b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1540_1200787505\CRX_INSTALL\content.js

Filesize
57KB

MD5
61df2dfa7cd2bb036cd0f1fccdf0e1d6

SHA1
795e1dc2fdd45bc38b29e5314cbed3b5277e6511

SHA256
b37e5a33879f6085cc251268eaee7d1306825763808fabb8807b50e506057f77

SHA512
22f57cc0db65af2f2ce485fac1fb8ea7905e66ce2f61741f4e404d62f638b14b91dc755802d9528196222fe3c4d77bf4456ae07f51dbaa822311dae22aaccee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1540_1200787505\tmp900E.tmp

Filesize
207KB

MD5
e69fc41ec787b0eab6982792170c32b8

SHA1
6d427cc02b03e47d891f75e7ce80c1a364c4402c

SHA256
89ba90b3ab2b9031e1afd099db5e8506bcf13d7ab6740366246b06aa1bf2fa7b

SHA512
05c62b58ad7de172803e3fc881af5ba76ebe75ae03e9bdcb76d20094652775c6fbf9ec1fd5a726ec9c73c815d23adacee096965202ae72680b471fcb87e4cd2e

Download Submit
memory/448-133-0x0000000001160000-0x0000000001324000-memory.dmp

Filesize
1.8MB

Download
memory/448-135-0x0000000001160000-0x0000000001324000-memory.dmp

Filesize
1.8MB

Download
memory/448-134-0x0000000000050000-0x0000000000396000-memory.dmp

Filesize
3.3MB

Download