hxxps://www[.]anime-sharing[.]com/threads/%F0%9F%94%A5new%E2%9A%A1-15-nov-2023-nupuryusoft-udonge-in-interspecies-cave[.]1392984/

Resubmissions

16/11/2023, 04:29

231116-e3748sfe88 1

16/11/2023, 04:26

231116-e2kmjsgg6z 1

Analysis

max time kernel
166s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.anime-sharing.com/threads/%F0%9F%94%A5new%E2%9A%A1-15-nov-2023-nupuryusoft-udonge-in-interspecies-cave.1392984/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445825739330370"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2484	chrome.exe
2484	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 4692	2484	chrome.exe	57
PID 2484 wrote to memory of 4692	2484	chrome.exe	57
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 4924	2484	chrome.exe	89
PID 2484 wrote to memory of 1820	2484	chrome.exe	90
PID 2484 wrote to memory of 1820	2484	chrome.exe	90
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91
PID 2484 wrote to memory of 5056	2484	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.anime-sharing.com/threads/%F0%9F%94%A5new%E2%9A%A1-15-nov-2023-nupuryusoft-udonge-in-interspecies-cave.1392984/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff976a49758,0x7ff976a49768,0x7ff976a49778
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5264 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5596 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5036 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4948 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5824 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5972 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6272 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6160 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5048 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6544 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1684 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1672,i,9192584116723054007,3313244397144988205,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
38KB

MD5
588303e7ef20b77b22a544232a5077f4

SHA1
4f5c7044e9501434ac1b45729b2dc0cdb1441c2e

SHA256
e17428348e9add4422ea3e9433a3ef18af5e8565f7ed0cd98ff9dbfd74698d25

SHA512
69c4285f90aec7995883b3967bc4326128b252fe32e1bf439af9cb61896f4a269595ed45d0adbe247a6887897c7e8c22a8c1553ebab31caf5958d8ea4d688cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
37KB

MD5
bea4abb3d98d04628148e0600e15410a

SHA1
36bb02a83a4426b1723be52d2bfd7c5eb5c3b403

SHA256
0f57f9b4bbe75e21099f2ea07aa94aa7db8567fa79dc95318a8eea86ac4a0803

SHA512
229c85004977ad2d7c3b3926daefe16ee8700984522e30f1588edf6be40831dcd9554ae9ce5a679db18c772d41f209a57b81d4fd27f555e26fc221ee58b28001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\463fbd108cdb08ed_0

Filesize
3KB

MD5
05b93052046cc553adfa5f2a9e6ff317

SHA1
33e1b09f6f7f7ee615b1961621d44fcc70b5766b

SHA256
8a59d17f0c1c6c76b610b831d2c0550b8c9b0f129c03a91fc5576db84629d9ea

SHA512
3ef87031acd1939932e7cf8fe1ec78365e455f3b82a157b658d0ec6257d318f0189cc135f045c4f801eb331a0d8a87657a83bfbb1318cb209e5d1ab7c0b565b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
df3a4e281141a35adbac9065707f5c7d

SHA1
e060febc72172cf1007e8f72ff25b24be4bccd2d

SHA256
2516988e80709155430edf39faaf92acb8ee53ad869ff7e7f43afeffd6de5ca4

SHA512
d67fde2095cc6dd419abdbb0557ead10d359c9c4256730c27a245754e89afbf27707e37dc83993d07f2a9d3cb3c20549d81fcd1c0e09aa4734cd826e9eaee455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
da663de8ad953637b4c79050da35f301

SHA1
cc4a892c414d1b651cf7c38b9a80d7cdb4c6820e

SHA256
4384f19ed77b93af52afaa9de83bc6675a0e14a892f9573f0d59d01c631750da

SHA512
ddd0fa7f080c948727de1dfd8ff4888a3b776cb3d7606cd1ee8a0ba87664381468e853d321b29ea53ae7fb3ead8f811ae82b1599f7cab15219fcca1a26c733ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
260e350992fa1e6afa9771f7f831d558

SHA1
4cf5f4cdd5a2d638947933724741ef105e7d6bbe

SHA256
b4b00998abdbe776e4f93c746e58617fc217baed8cd5766c56e99151507f9b69

SHA512
16118f3a4836d708c7d9122ff0cc1f66219fb027010ade26760f4c3e9f504f1ba0438c62437ba0d786f1e1dec006b28689a4324c2df976c1eeb912a48f9bdf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5682025e9d2858a41d2b9d043d33a199

SHA1
0727794ae2cc5beeea477dfe1dc2a1aa38837e09

SHA256
678ea084352af42cfef2dc490c5717fabb083cd05c50a43125ef42112d359773

SHA512
14018e14094173bd789331bd5a11e27eafd89e3ffbfe4aced32069253a8ca3b47f899509d565a6279819c9fcc4e127049ca7e4b87335c9d4cbf0592cf6c67953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
15f468bc20d2a6e920919e988fcf5858

SHA1
09a0c4ae5a97bdd43394e916a7ad29644091e017

SHA256
e94af0664d5f2857f3fa8dfcd697362cdda52f60bdd3c8b70408422e85b0d644

SHA512
b8ec7b4f682f9b37e24f356c7d357811fc2fa4012681ba067e377ca95fd63c5568f371dde8fae070bb3aba411cf1e33c3737dbd94b889632ded8b725ce3c5eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9399a2120d74113f89778a06ee7a4b3

SHA1
184f4c2c14ccc9d2c0862803d3d62e6634da5ba1

SHA256
c298f9f0dabaafa65e9877ac2af5a01aad6afda292bcef4ff565bc11a9d0b10a

SHA512
84c36be9ab00954b03081402c3c4101491b2a40080e7a2faf1937e58c26f12d2ac0570a5afb88b627bd4c57e2759ceb9012a99d7c01aa4d1cee493f597661d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa16ecea2e241ba70afa8988b388f900

SHA1
2e566b6f0ca9956e534f08a43360deeff4475a36

SHA256
7e4940734db52621f8009e3bb82413d369c7737f15b3e805b28995ba16c0a6c3

SHA512
a9d433ad63fbb63d679659b344cfc9a0d43a72da0026d99fdb356efa63cedea2b06927ea5ab4f2af3c8e0311b407fd54684aa2017265188ce448420ece8450e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
d581caad83206910ab1f8f9d70b48f11

SHA1
982511005c546c793200234f44e6384b9e28afbc

SHA256
604e419542a6582737c82f697841d47d48c6d45b9a9a8747fc6a688dd7e1229b

SHA512
4d71dd72a48752d7432a150831511692d5eab2409c3ba9627f3ab2614232cf4be1335029e57c6face9958f74f2615ebc7ef619f0a7410d51317458f279667787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c01db15ec155d900a0f897845ae5d04d

SHA1
809555ff683f8d3cb200f9b2465ddb9406286073

SHA256
b36b2f04d3276699b706bc8b8ae200f6c2f95db3a660ba9d1181ef350befcffe

SHA512
0c7d772f32b42a7e9adb1b4010bf4b7cb1fcea0f85dfd8139e77c51b64417901e7ad969436f74ff88e3e609ca8345b9f33824556710d064b04188d3b991a8fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\e6db1a57-3700-4108-9aee-54a05c84aad1\index-dir\the-real-index

Filesize
72B

MD5
3922dcee4078a47f68b0ddae0eaaa0b1

SHA1
a88ff82316e8223b4904c6256a7f2f59897e2754

SHA256
085df2258cc3fecfddbc6d5ea52996f8f27e9150c3023d6474c3e64878207d74

SHA512
c734ddf5fe737a0dd4c4feeb99258c46e7cbf181f557d0c3dbfd6c9e54db3f1b5080711c58d190c08ce0eb903158f6ec5fe3179ef8f8a5155c096640fdca796c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\e6db1a57-3700-4108-9aee-54a05c84aad1\index-dir\the-real-index~RFe57ed4e.TMP

Filesize
48B

MD5
9d4ceb05a3b6c460e8048aea898262fe

SHA1
4a2accc3b91c1a850f181a1dec28c7c1e71b84f9

SHA256
2b6610e1523cb04b0a3074cbc8c1c59328e16965550c92e817c8d8ad7fc4c09b

SHA512
1fa32c0c25b575a51798260ac95f52fe07c37c080431cd5f684cd9b1600ef2e2ff76de2f888cd77849003367f35106e24f83ec46119a394cd8d6de6433ba2fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\index.txt

Filesize
127B

MD5
12bb3db5f5e0f397b613c228f6539fc8

SHA1
a2383cfbdb796bff7dd7a9c9fa1789cb1508e617

SHA256
b095e8d8935b6e2afd4a1240b72bee23d6e8c5d05f3a6cb21e207ed8af98ec72

SHA512
210131f7b87470f48473bcf5df19d5ddad79553db200dc5caae431eb11d1d92173c16fb6ba845fcc5c6750641b54f6f37ada0b3f436022e51b58f847d54e8bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\index.txt~RFe57ed9c.TMP

Filesize
133B

MD5
46c738885ff602f00971b60d05f55cb1

SHA1
ce4675e61927a589550c178123d22f238f879a28

SHA256
07a0e054c6fb25e3bc8706935ff389fa2afc7d1cd37c736c1786e7e419b13b5d

SHA512
dfce0263225cc21fb1d5f466ec7257ad0a7efd69e6439b5fff34af5602c0f0f0af087a16208e7748e0c292302649559a26fb6ee0f592e648b7f8955f79702885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6a7e5cdc7cd115869055e1ed82af5c2f

SHA1
b6def347ca0f38ef5972fac1c588045d177e9b9a

SHA256
90263159221c63a5796c889dc1a03c9a61aba42222115cc2a48ce2fb2f7abb80

SHA512
3144f70136d0f186933b583539c9e599fe372b0b81015dfc6fcf6bd9acdf433b2497e1bcd04c0a9671a865262dc1f4a61122fa00b80aef7785189385d43f03c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57eca2.TMP

Filesize
48B

MD5
417c9da2027d2fbd71805e4b7c9fcd18

SHA1
f255d8eae97302212017c5cc1c85f4cc0b18adcd

SHA256
eaf859cbfdcee96d67d5a45dd78151a608c4ccb101dff4091cf6e251e5b9fe7a

SHA512
22604ac69255a0f4cea785e33ff9230ea04db522adc84776414435afbc5d1aa7d132649c45e223c6b7570848c893775ecf7880383001f41a1d407d4805499993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
372cc4c502975c5147df547c8c568060

SHA1
b4053969806aa6526584b7c11702e5830ad37e56

SHA256
824bd42053768180c77bf07d716ce28c103ae515cd8b83aba29e8a2e36b4c58a

SHA512
654744b656647bdfad25e3ea97551b942c4e84fc7ab54202103328f7001503869cf843e8b32a4d8e0950392a2d11a29f79f8f6afc51b1e10cdc4ad8f04358e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
fd3118a80fc371da1bfe6ea971584487

SHA1
3fb024953d56fa9c4cba05bfa832d2400a61d806

SHA256
819cdf1d5021e4310c29dce83053f96e0889806393b1182c6a3dbc792642641d

SHA512
a5b6a017c6f0e03a36e89d82c1d230d089beb510d2b56494b9e52b8a565ff7e9d30f696f2ca612eb6b439548cd1091044c4d5d6aa0c96c6bc63bdefc8d4c11e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
f8762b9792eba0afae6e277ac9d1bfac

SHA1
688f04942e98b5f12c94552d8760a51843bb7a2e

SHA256
997d24c28d74de8e5d86b8b28973efb8a0c83ace30d11134293d7d4edb23c30d

SHA512
2ed5b04bcd30099eeb11d5820f51a6284d4a0dd1065789ab1ad6cfd6c8da3e5c3d623a31f6436e2cb1b6d0cb4d9c8897f60e740a7e1569ca77704364c60f41b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59697e.TMP

Filesize
104KB

MD5
b058d368ed80de764e2872083a669e56

SHA1
b11c1ee168b2f94b4659e3eca17ef46f6481952f

SHA256
d574b7ec58904ff0a9d85bcb0843ec5e8bd499b081b0192ffe426f074c08aa89

SHA512
f8e69ec7084f263deedd8032581b568b2f70e7a8cafec71467766248395d32787d0041f37199baf43bd218edd32289d418f81f7d81a46a374313c7fc46daad6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit