hxxps://saphre-tuscjanic[.]box[.]com/s/icbyjkvvo2tg9ky5mrgom9z0oq5ob83k

Resubmissions

05-10-2023 20:15

231005-y1kqpshb69 1

05-10-2023 20:07

231005-yv1vqsfa8x 1

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2023 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://saphre-tuscjanic.box.com/s/icbyjkvvo2tg9ky5mrgom9z0oq5ob83k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133410100536764796"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
1896	chrome.exe
1896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4496	4548	chrome.exe	34
PID 4548 wrote to memory of 4496	4548	chrome.exe	34
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 1672	4548	chrome.exe	87
PID 4548 wrote to memory of 3856	4548	chrome.exe	91
PID 4548 wrote to memory of 3856	4548	chrome.exe	91
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88
PID 4548 wrote to memory of 4192	4548	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://saphre-tuscjanic.box.com/s/icbyjkvvo2tg9ky5mrgom9z0oq5ob83k
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa2f369758,0x7ffa2f369768,0x7ffa2f369778
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:2
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4472 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4632 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2772 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5724 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5908 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4844 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5556 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4788 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4416 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6120 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5332 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 --field-trial-handle=1884,i,6025202526623768537,18195749822056777819,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5e9419b4-41a9-4f6e-b1be-14fb6e85c2ba.tmp

Filesize
1KB

MD5
5c3ab7de6a6c2727e7a130b9accea5c2

SHA1
170acca86f95893070ddfce5bcef1f9bea1bc811

SHA256
712050c2b6c2c413d49678b4f8fdf16e7e747b0ca7d469290406689cd527ddf7

SHA512
e90184374ec30030212e82a52553a5ec21437d097d74aa51da67cd87bb94df6ed9ddca542294b4bb9a6d86e4d22de5bdbcf564062610d80b51384e89c94299e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2562b50246972760bd6b78d801637a11

SHA1
278bdc79f4211fc5c40f40d6f668bf9953704a37

SHA256
5fb1cc53f12a95d1a115770d9b44031a56a5db5e28021491d75af77e4dc463c1

SHA512
ad5ba2c7d61af991ab6f5fbcb3e5847006bba6a2b61ef5c43390659dd20dbf466b17c20bfe6a4706c2fdecf3d0f1b09b12e8df12f11c6ff16da76f8cf1631fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ac642b2178cae6fc45facd11a0033c16

SHA1
61486f35b06aa4f98cfcdc032fdb28bd309046ca

SHA256
91245c0d5c7bcd1a1da2f1a4f0f6deda7066d8426639fc73aca8c4d6e18fcc67

SHA512
e72c9c8c889435dee771dc7963378115aaff264eb271b36faf163f36066892be9e2182800e329c9f6927fdc7ed8060c3d5268dea189b99097d8933fb4a1cd4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
65e70a43c355965e8046dd5df7993813

SHA1
5ca65f200863607d6cb0c820abf5dbe3adc4cd5d

SHA256
91abcfd0332ae0e7adc19bee50a36e9b442bf950b4e5260c1a548ca7b6b7e3c0

SHA512
2d702f3da8de6e018e77b2e1824d1b76a5e4392d75568f8567ecc5558bc410cb3e5fe8c3ee3866188cca9acfb8d6a8afbbef9c28e25c7ac95429dfc05ce6a091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94a51a05987ea8885e71f7bc41f16007

SHA1
c312496222d6e05eb857cd1769db5801715a351b

SHA256
c1ee88d97912313afc4100c4b3b6c3bf2eb94fcf5a0442704e58cdc55d5448c4

SHA512
023546f13494d1ad6c3cc5eaa80ff8faee0e6603d95332d83465bd187d0474dd07aaf42723c13e3dfafe7eb3a38e103e97934f3091447657a25083b1cbd6e003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2937c53abff8b09eb1b57b5b0e9661dc

SHA1
b368fa07efc33b7198aad1bf8b427eb7e0e9cf04

SHA256
fb17379852820d2bd7718b1bc39c5387381b3a0b0abadca4f364d825c2e5f2d8

SHA512
d74c588053361060017679ab7cbda0e5c2b727ac9604d33f74d85dfc59ddb1b4b327e4ed7a158ba15293b84776005e3413627aeed1a67e871991206e9310d1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
50cf2dd630bf679cb593d5a928daf955

SHA1
9b0c66bfdc27e3e5823ebaf7d5828de43fb9185e

SHA256
45a3d436e37902510c77a82c8b7fbefb2987923cca12a1ad35b2673be873261b

SHA512
a228f514f1a3ad66c85732cbdefd16b06b016df384512f20776b74bb52d9ed65136b5ab87955a7d046af4d7e304678ac0730ea4e5a4516d19591a911899e2a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4565910f67b26a98a6686b31653a0767

SHA1
96de9e16c1a2f9ceab6f23e82a4b98c54d9ce275

SHA256
c133773a314b4a964467d1a2916c050164eef940e5968101b5894371b6f79745

SHA512
43269b5f18bb3cfb21a9118b73bd1ecc764ef65c01e26298ad05a55a46be4188a0a1de642c590a3baa0f3e834624ceb2ac4eafba05bbca8fcd7122f162bd647a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2bb6d48fd0e4cd45bb9a1aff32a1d4d7

SHA1
6e59a15980a4defe642fe0cd52d42768d7c67688

SHA256
8a9b023e509ccf0ec9d45d728cd58ed4b9e88ee28e78336b341ed6e9fc2bad38

SHA512
26099f5e44c0ca09add411a0ec84433b95bfbb48a3a6fdeb790eaf27b97d00354653be002de020e12ff827ec81aa12d18a7999586c4fa70ae4991bef254c1c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
449888c80ac7dc1a5cf88f0b548fe453

SHA1
e69b4ba240ff6137ee5187a50ac41f1a01e394f8

SHA256
85a028fd84a027e0bf227099240026033d68a2d9fa324bf8e070f88780cdefb5

SHA512
48dfe0b27258c344e6303ee4fed952eb1a341f2b9fae7f6cef0975c6b4da420be39f9aecbb2eb860c920cf6566e9b205c98d994514bf8fc10d6d25d2c9797875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d4499cd9b0117976acc3d6da34e016c

SHA1
683d8798cded5f0e2ed7ea4176dfb0d3ab022aa5

SHA256
b104baf89481e43334f12af718aa457c3bc658c40e930dd7145eefbc4ca7f849

SHA512
8db28572c90dca5ad7a084a7bb026958ecda2da83f8ca698d13e816e31c571e545f2b0bc91eae4435db6af86f2e7371e9394cb08a24b7adab8fa96d4ebba7899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13339235033674198

Filesize
17KB

MD5
42662cd210314bdb6d16fd80a1c81fc5

SHA1
280be766e3b3e68da274ee5bb6ad9b78994a06a7

SHA256
54a360957c0c58ba228a663004914bf105b9671a35eb42221e6294a8fa4a42d6

SHA512
82d16fdf38a38bf7c42ffd060f073396f66ddf29574d6cbbacadab98929c6cc7269fafbb71e99e70f987a2bc866b2fdbe79ad969fbe714b026fc76cbdfc540ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f699e840246e2cb9f0244ac5b3d5ea88

SHA1
3433d04c1fb700c1283682697eb78e8bc24a367b

SHA256
09d8ea2c60884d459815717a11fa5047870c703d981069a6b5fb60fb250de7c6

SHA512
4d2551741433823519574f489174febbcbc8690c6b5f9b9c55d17f6926011e30842c5ad223945869115cd88ab1a787e291de555f4597f032483c9d46981207b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
cc7afbd3863a4fdb0db0f337b4dcafe9

SHA1
1b87b8057f8605a35e79b2b9dd0f0308348e47a5

SHA256
117492fe32fd6b58d87c053774434478dc98642288365cff54f410883fed12a7

SHA512
c6ceff7021b361649321d6ea86c56cae0b59bcec2b01c54a4f71dec780498cb1aa0940a9686939ffac084ac3db617457149380b27af18d876d8f1c8a5a1196b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5295e8a346971bb5b3d32bdd4c92782c

SHA1
e4c1268fcbe0a5c72ff10b452cf9d4d69a5f8c0e

SHA256
b1830abbe4754894e134ca032d871a6ea9fdcb26aff352830fdb22b61925547c

SHA512
882ede8e0b1d5c2979e48dbccbdca1581c601f0cd5d10f5ef7cb7c504b0604f64611d3b4cdd42182dc65f2aa481942f5edb99aaef4b555444597890fd2797709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
d6bba543b2bebab8e04ea5d3398376f5

SHA1
e3031b0b4c897213de01fe32afecf18f7bcd2714

SHA256
844a4736bc166fa1b7e59f7c3c2a831a5e8f93d3077466ba4863db8e63033412

SHA512
bf0f43b98da59ac4ae815776f86f8b4bbc3738da10e3cde792021ddf20963b8a4ecb99379e348005478274784ce9f7ffffd9d3c2f2b80bed44d419c64377fa30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5810f3.TMP

Filesize
97KB

MD5
fc1fe553356f4080e511bde413d8ccc6

SHA1
611ecfea62d5ecba490fd4ad16c9a33f160e3e5e

SHA256
46e424b6363a51252a43bc9e9c43a93ea7f198cde65adb2c7b41eadc2396c8e0

SHA512
f2660ae798c6beb588478fa4e5f26799c007703ca4b8a1f3d527cd45944602840057cea2a48a5e8b51b12dcccc028d95d71b52212562ae039f6936a9121b4332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit