hxxp://minlngplus[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12/01/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://minlngplus.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133494959459927251"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4992	3988	chrome.exe	56
PID 3988 wrote to memory of 4992	3988	chrome.exe	56
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 4580	3988	chrome.exe	75
PID 3988 wrote to memory of 3980	3988	chrome.exe	74
PID 3988 wrote to memory of 3980	3988	chrome.exe	74
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76
PID 3988 wrote to memory of 4968	3988	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://minlngplus.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe64249758,0x7ffe64249768,0x7ffe64249778
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2696 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2668 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3644 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3684 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3680 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4488 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4408 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4156 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3076 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4908 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4348 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4304 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5108 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4168 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5028 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:1
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1808,i,14373941858943225826,13994309557595392561,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
6b304da142633ccb49dd9d1c789a25b1

SHA1
eeee05c7d39b20f4cdc9f51ada83f97aabe7a673

SHA256
f640c881e679ae6ce00ac82a696d02817194db0c6916f9f27115bb45c58be3ff

SHA512
4b5bd8d85fd5e4a1eee2c9e7dd397592ad02e9935e6af4c356c8fbe382bcb391ccc2e5e38927076a5793df4f98f7daba914c47d248c2f5f4ae31ceab432b81e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
21930c46b56c1b88e16db04e77be8c9c

SHA1
424f457a493fbf1a96d815d47057f8561ee76d54

SHA256
ba1ad2c5ad3982a82d8324c701652eefeda1a8437e1edfcf8baaca1cda76108d

SHA512
dcc679a943dc7a5f14a8e6ad6245524e348a503fc61ca4c30d3f0a45b85f01eccd77b390e6b456d3492f5814a62b1e7070e7ec618a8851ee078d592dd85aedc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6d22e01ff353666374f830dbb065bcf1

SHA1
f78669f67505656f39712b885e84704c8c4e1fd9

SHA256
55e1d0557d5f5a4be4665dbfeaea9e3a4c2301679264c34e311316d84b808955

SHA512
cf049f821d01db8a55e3acaed4836ab9beea58711f4702b9b11d05fa809da3bcecabb0f1c65f9b15113d83a66f7bd46037f16a053328b0242dafff81a7c9c91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
943ff3c42e92ea246ac14abfc0eb8517

SHA1
983829bb8335b2e918efbdb68ced9a68c3005ef1

SHA256
5c66e2c02a1ce99f6d36d0d2fd324a9c87a7a17379d74de743e68aee3f428ceb

SHA512
e8b085a029ce59b25df4ed37a9ea41470f5a5f3811ae4025f23adc666418c75bbccb9095801487a1cf408413831440ed1e04adf4edd0795d6381e37f5a0e36ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f0e2226655de0af390f44e7dadc94d8a

SHA1
48261f7692efaa7e8e582c3599f6f326f1466205

SHA256
bf9b98607735b04ac97bd085ccce903be9dd822b145deec58e345f0457c68ded

SHA512
34bb042717d1af92e4858cf8c6d7d7bfbca6809627b58d0c28c570c87385a91339ac8a64d8031d681b74ea1ce0fe8b6a0bb3df5dc5a2e945a2472e6d45eb124c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a1f8014782ebf182b3091d9b4730fd8

SHA1
3293c4748e3cdf2f989109184210627e1ca90aaf

SHA256
727eb839d8b94f6b8a9b1fc38ad4775629a0de38ff6290a5eaa49bf25b0ff367

SHA512
4b7fbe278fd2179e4384f9ce5cf36c18f07f532b713c608cdcfecba7c79d273f85ac331700ef133ce375a61b07e659e6733e5b29de2df3fa8af1f76efe3a7172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
95acd1b582e5eb699319e7e55294a79e

SHA1
b11b45ae8b3788ac41c1862f6377f7f42291862c

SHA256
c0f274dcf65f8dc058ec6daa1f54107f9d9afe16eedf38bb926f3322ffb13d0f

SHA512
3438be4e5f5f3a6fb5477bc82be3f24fc25e40bdc1cafcfea4af8ca603469ccd791c04e23a5be0d735762c37cfa28c9487369fdfd7bb891c102076001dbe7253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c7ef498018c00b29e876a2d98d775288

SHA1
94ce7f73134f33e7237fe12faad0fb0f8f50689c

SHA256
8186952597b225e936f56a9fc0d224a081d9650e59e8501ffa9ab075a1247925

SHA512
3399e24860df6305353e5762b5e245c68f0c59a206cf91ff17825d43d5da3f60b2cbe2c33d0e6ebba266833ac9fa95a78d1b43ede1efebbbd8aa577d0a98a05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d34205af6f40566928578508428866da

SHA1
8d1b08300701bff18885305b918c82c22b98d7dc

SHA256
4a92c7b6229629a05bcc3e0c54f34544e96a905ebf36b8cdee78c1328ffa93a3

SHA512
733a3aeb41b5fa0a77feccdd1f656d9d56ef3e695ceaec9fd7b596c902d08566ed130c4f0d5e3c1db68a60bfba982cfbb5fc53f8e0f754a7bd6e94da5cd8ebf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ac1634122cac6287a5de564b89cbb74e

SHA1
5c3ba27bd0e33a4b66b76e8c1b3080c4b0698061

SHA256
71289b35326151f9134e39052d8ee9335e9c24d7ee316b2d8ec68a403fbc487e

SHA512
432f7f77d0f2c640493ae9caf30403aca4bd835f505f0339aee43e693ba44dedfeb8cd14550bf369f1a2c8a00eda93172b02e4118b97f90713005513557d5c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
102f3326c5474106e725f7532f1e164d

SHA1
ceb2ab94f8e0ae1a859c323cff73f16b09e5a323

SHA256
ee1b5134df2f9e352f85ad7769af5a17d22aafeee78798f94327f014dace45c6

SHA512
96aa561b0a182af64e391992d8b89d9c567fa66c9b6add710e30a85f62bb97ada7d721e55106ac1bcdca10079077b2d82744819ca0846e055c8a26e4b84a01f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583b5e.TMP

Filesize
91KB

MD5
0e1db1c5bacfd976050d72d78b8be4a1

SHA1
7478cf000cb82a1a96690f64b826c769d6ffa502

SHA256
9283df01ffc75ba09ea0aab42e7ee0f8fff3c21e120cd657f2be7785aa29f699

SHA512
87174083dc10ae51a62c604db9bf5bf108a08a9d2b3c7f7b562cbf29db1f23386a1b2f0f5238899e83dbea51b548f997d0487d05872d0a8b192f23fd912cff37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit