hxxp://escooreesp[.]com/ULi79v

Resubmissions

28/02/2024, 16:05

240228-tjl5zsfg5w 1

28/02/2024, 15:57

240228-td2ngsfe91 1

Analysis

max time kernel
300s
max time network
307s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
28/02/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://escooreesp.com/ULi79v

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536096095219010"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 5088	5020	chrome.exe	86
PID 5020 wrote to memory of 5088	5020	chrome.exe	86
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 3192	5020	chrome.exe	91
PID 5020 wrote to memory of 100	5020	chrome.exe	92
PID 5020 wrote to memory of 100	5020	chrome.exe	92
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93
PID 5020 wrote to memory of 5056	5020	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://escooreesp.com/ULi79v
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd6ec9758,0x7ffbd6ec9768,0x7ffbd6ec9778
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:8
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4092 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3360 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4220 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2408 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3684 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=820 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4824 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1476 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2336 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=832 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1016 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4212 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5212 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3284 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4744 --field-trial-handle=1868,i,9684382454232544893,3007411146388331252,131072 /prefetch:1
  2⤵
  PID:1256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
15bc6824746b4700b838ec45acff21a3

SHA1
5619ad4f92208eb5df95f8192bcb4717abdb4a83

SHA256
2ffd10122ea53e7e015dea8178beb7cb64b60d24a741eb338decc984d11f0df9

SHA512
95bc5acbd2d34b7820a999ffda8da8aa081e03efb04deaa706d1fe91d5cba27470cabb63eecb9990bf3f994d5e44af3b9b05192d1f6b368b5994288f16b8dba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
208b5733ef9e0a5833df2310389402a9

SHA1
c7d6b4ed90ac6e3d0d84174a95fda31b8b356cae

SHA256
55ee32d0813526a56f767d37fe25e44d99e1da3d0efcfb2be913fc7cd4caf5d0

SHA512
1846cc22ee11f75a1fe473bd27d579ba7db592a119356210330ecc53969714c97475b3c100d86fdb5c4dec22801a6ccda5e345aaa9b403b58ebc92f3719a2668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ea7eee570f198dd49d378aa3988b470e

SHA1
6bd1b1c9fbcf97fc49ba3ed273a541bff7e64a7f

SHA256
d32ed1d6b26a3106a90dba321231ededb105ec8c8f48bf0121389caba710fd7f

SHA512
337e8be10a7a0c05ecf08ff503b629683b877548f2f7104c60e93fa3a1a5a554c8a3c1aa7d194bd64092013bce99076d6ffb9412855c69898196186565792b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c6eb6d0a7446ee31ffa1282f065a9fba

SHA1
15a9ebd600d82c0353666c523f56723acb3d5f2b

SHA256
ac18be347e5a51419ec66f3031b1179da1b3c337d0ad883db973ef13de626cb0

SHA512
5d587def65e398fd5c3aac872153c148953970093ed25b66eda7268a0959b243af41a54e1d96bb439aec1a7dff27fa6e10b58644ad9f7d0396e2001b8f2f89f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
716c140ed76a962f1dfb330b2ad322df

SHA1
740e5052f6aeb9b732f80b36c29911d3b158c263

SHA256
822ee5f9c8ace4b37df0fe1d8772dcb86f7901dc3ea3b38435d54c484f76cb2b

SHA512
84fdc2750514c8389ccb685f72e6b63b6fff68e630680d7a49983bc379cc1870d9457e3a9b295b8faff56f1c6393b45aa410ddbf3c74f2094702b4932481194e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74e8717d85b502c7ad40eb8cb5878674

SHA1
2e1383d5656acd92f265f2e0c26b97667decb9ec

SHA256
5050a090182b7942626658dcbd25abce5a687376f02ff7d7a25018a951f2fbdf

SHA512
e37f7aa2b1112b649622d235143ce8be44e0e11a7d3677f078c78c7d49790f45b9e13bfb78374607e470ff86c63e85565c24fbfb32a90b94f7bdef527b7d46b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f39ab96244e6471e414694823c6c703e

SHA1
2a95e1a0704d5582d102497e1e99e955e8c75796

SHA256
3b2ae26b0940520dc5510d74f951530b675f00b8ce7312e93027573a59e5be62

SHA512
233819c19b912418c9edc4f80774b98b633e81ad84da5a4ad29903e4bf2f72b9f5c089eb954f504d5a0582788bde7c16ee5fa117b0b19c276a1fe4cce2c3aa8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4dc932bdfce584a90df727c3afe883a4

SHA1
ab79b856573a93d3769fdd7f2a3444bb179eb7d3

SHA256
6094f9c4d2f72175f7792c1172dee6f52bb2e3ca64cfd3c9eb9ccdbffdb46155

SHA512
aeb6234563b135a4962afe66413e2ff07d04969faccf87a7c7b72dcc1cbbbee2ce4f13dc40e78d636cd76b9ad5c62fe60aeb4dbdb0f786bfbd7f95566673cebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b175b817f1f40b9201a3b30632bddfe5

SHA1
d9e9536aa51170419b7e42140039156439ef3e7d

SHA256
c07f8e19e5917c5bcf698d4630dc807a2a9162da8718111680fe605efd0c14b6

SHA512
ecb6cc2743f0658f3164dd2d430c31ede68dff83bc06a10adfc1eb078f6d5a473e613e4fee51642a8c713ba72ca2240f4b566c4f41e3e59a641225bc31312e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2923c18f4e8c488d533feaf73482e1b2

SHA1
2d160a10025b8df4fc969376986d9031718742a1

SHA256
71b612f3eec244e44149f2cb300a35568f3c9b7b7e7f1c7b64b3e48b4a3d6560

SHA512
71443a263b9745f1c4e6baedfea39b4212eb9bb1a1d79564a2fd0274c02217e050cbe306b2db107cbb71336169e081a39fbba97806459258df2c8ea99ba7137f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
9b7f9866536788ecff8a1cafd6862d14

SHA1
9c043863c49b91c99b3fc0d716887f8066f261ef

SHA256
4e4f660337c70599bf7b8cf8d1a060e6abe10404dfae8940b2513677e887e170

SHA512
32de17543b0ebbbe9f18165da92b7fd8ca87de21a0e8e900bb9f93051ed881b27936fd2f63fa648ef11fa0b35be49c2ac3d0d2a42d6ed663e6b5b87d0e9d8daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
932401259554414240b56e08b100b110

SHA1
d36114b24203efdefdfc5274b4f903cd39d09fb4

SHA256
d5439dbd00f9b1035ea9e63717c347d28c176a59635cfaa55d581187cd09381b

SHA512
9664a067f96cfb490fe92ad05e16c560b4260158f7bdd65799754730b50084eba6c7a644701d28ede729b5731dbf81118f350cd3f3d2bd443287347ccc4d5860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit