6bd25a4546adcfe6aba3513c81a1efd1cabf47bf6dff7e360ac1c72a7545a782

Analysis

max time kernel
149s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
11-04-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

haha.html
Size

2KB
MD5

38e216d0e612aac6dc3fa4b81755d6d9
SHA1

37e5ccb6f3fdde7590e267cc46b969223f6273f6
SHA256

6bd25a4546adcfe6aba3513c81a1efd1cabf47bf6dff7e360ac1c72a7545a782
SHA512

e0cabdd35f86214caecc21aa748dff4008232600ae43016b6f15a41b1b89936b619f5b0c0eab5a3ab34c3900a1b6881e953d8ba185392c13a14046341f87898d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573194317612722"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 816	2464	chrome.exe	76
PID 2464 wrote to memory of 816	2464	chrome.exe	76
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 2132	2464	chrome.exe	78
PID 2464 wrote to memory of 4556	2464	chrome.exe	79
PID 2464 wrote to memory of 4556	2464	chrome.exe	79
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80
PID 2464 wrote to memory of 3228	2464	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\haha.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcebf9758,0x7ffdcebf9768,0x7ffdcebf9778
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4304 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4516 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5320 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3908 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4756 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6068 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1588 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3088 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4412 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5316 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3000 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3580 --field-trial-handle=1800,i,10592172993698738486,2738163171780151318,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
5ed124025671bb078013378374523c21

SHA1
77e7611cc4ca286a647bdfa5f9e11fd2da37c16c

SHA256
585edab20de021908c3b9cd4ad1819afe19fb3c41f459e10b5fe05e49a10c73e

SHA512
7ad66e0a81cb10786c8832231b3e307c81d3da59dc196e0109642c5b8837c873cae3212df274f269197f447185dba555afb22b1e99851995978b48779f56e13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
84dcdb4e35c3c8eb7cb05cb061aa78df

SHA1
044b46b4379d049309df4e7cbcabef3049e2b3c8

SHA256
5d9833120470eef9789d921e2754abd8536507b692f760a9357d80ddf3ef3f4c

SHA512
178c60a492c15252758e7bcf81468652607d67bade1ed87aa39caef20e33c248e5546715a3440cae68bc73595a3081019b172ee9a6366f2c2c3e2ccbd55484ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5fcae6f787685ec9cce734fca46c3280

SHA1
2d38b10ac3ef8e3226ad21e10aa489ee51ece9aa

SHA256
2d852e9e20bd9f790fbc646773146462d5eb61db376f03630f387e7f31894356

SHA512
d6a6a8b9e3818a7527ec4efcc7fbb89cb5a3230f31fd8635853c828583c8338290c155db68d7cd5eced510d5fb2ed41307fed3f328dca09c8b697ec4dad7ce70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ce46c522b4b76685c630de88f59465de

SHA1
7226d99c04bd59225f8d54ce0500be8350c1919c

SHA256
c6e08c2f0cd43d745e2b4198d2599bc2ddbd51096552782887208cb433218a91

SHA512
ae7199c7a26feef365bbb7e5f730bd4a320468795bfd13ef97767c0244f16d21ee33508fa834c05509c7abe7bd2c781f45abd228c93f02440998eb2ea3f97894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
8d046df4c8c043ab568d396d97b2f5b2

SHA1
b5ec9af8dd82d2914a0bca195e6b871c774577c9

SHA256
8165de35d6b333eb138e642739bc58cf1156f89e1f6ebb13ef38b0ee35ea2beb

SHA512
8476578375632e6c6096c546401899163aec4906a22e61143cf2d20fc3001dbf8aba3de959fa4c83028365b7ca034ed041f92a964567a2b19e007e644d4b6eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6993796e31991fc80ea6e354984e205e

SHA1
b4b312962f336fd540757fdcbc1cb4c55956ed6c

SHA256
8098f9ae9ecc0ac2c94441cfe9c464207bf8d7f0a55a0fbf8af25cfb3f811e9b

SHA512
986fb1abd77fff95002ae5a3ff4744cdf9ebc26eb9a8d4d90a77fcff44692842cdc60236a8a74935499f4347b080e3a34a5966b8a9d49c8079da6c8ac0fcf5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06ff2a24cee82d72c9244e6acc3b4ebe

SHA1
724227da033b977f8266f65dd9d0581e1d6d1dd2

SHA256
287b55b42087095d6b5531fea06cf63f4b4a796e340bc331c5b7ba3ca50e36b1

SHA512
96556114ff79a8bc5f0961493db14599cd99fb632b0a28ea7231827b0c46cec3f8ce3af95ce33ae0df7a0e03430709627a3618f90e85aeeeb03be457903b30eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed75b46681f56b2bd854b008db24bb37

SHA1
3173dd6d26fc1575fe81272bebab004a9bf77bfa

SHA256
5ab5df98ce78d9c11329fab731762789fb8adc3883ef09c31849f345a6b43cfb

SHA512
0e8cda02f5d55c0ba6d2cd075f09f83df686d8951c0fb6e5cc3a06f3ba190156e53109f6cf4d928ce3ccf4ce9a0b2c831adb4d9dad4b8e68d00c9eedbfa6774f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2cba5adea073f0c0e33cc518b2dc2af4

SHA1
2b9971abffa1100f1c033faa9a6dfe4c99becd33

SHA256
bf6c2b42cdd170b173126e4193206cea2acfb9ec8e035c0c879fd07f9a8b6ae1

SHA512
3a477f37b2cfe7d46e6293649f526c39de1a271c58963a7da9214b3d6c21570b4fbb9c3e5385c1e7cec2ad73e3676e9f34e6cfaf034d3c62218ba24cb3a2757f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57e484.TMP

Filesize
120B

MD5
9ec2081a5d0682943a98389f9ed2688d

SHA1
f5cbaa043806ab0e85961a662f73eda3694e718d

SHA256
ac5bd5b5edbb2bfffb79aaaa1151477006b783faca3b4723a86dcc78c031aa27

SHA512
80f479c8693628e006b3dae481c8ddf1aaae23d09ca4cda0a77faa0e58994d0601404d0865fbc6a51ec9d046dffd88ed091de14ce1c91a096b2b11063fe724b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
e5e4ad10845c9cfcfb0be1256175b596

SHA1
d684d798c8e167819e63617d2bd7278f9c34383c

SHA256
48fe3ba857b58d2e8491a537dd7f24bcde771f454ab2a468c75d99189bfcdce7

SHA512
a5b8d7364d916e9b3657e7ea2ef77f6b480f6fae0269aa76a28f411e2c140824892c0e285a581b4c182619a964532af4d0e767ba9a099afbe30db2eee8c9e053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
57195551f72d48afffd4dc3178a826af

SHA1
9be6883dce9981c7d919ea371fb5a51ca8784185

SHA256
da3cfde8b61168cc26b8217a8162099da2a2d527c898d8137f27a238d910a70c

SHA512
4b76bcaf9c5436bbd1db7cc9a2cdb92ce094e241986b8fd12c9508d796fd329e9545a3fd18dce58df8efa34905570a2171b1561da7c59730cc2b87b05b17fc1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8fbbf1e087283ae75c2f6695d0421c0e

SHA1
dec364f5403c36e3402e8176507ce768b1c79e6a

SHA256
2ccd19ea94f801724ac8ef121d7b8851f5627059dd0fd5f0262e08d2a34a3fb3

SHA512
47963479f2d9a29ad344807fe2ea012eade404c0b913b90a803bcbcf04842414bb2f4c15dd6faa8a54875973e300d815f936ca1375f00f0e48796d791465baf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
3ae79fe33c7acdc236bf91fb39657629

SHA1
242fdc1506e59c30154055cd2f2e475160d510c4

SHA256
1cdd94bf0c9d31b1f7fecfb159406df2d3292f494cde58eab5504b68d9dbe7bd

SHA512
0d551f00dd46ff9c76235b3120f671fe5ebb7acd650ea7d6c9c8e6a274468d9efe05709ceec0cdbe671a031092e342c4f252e94bbc2d384257aabb205bcf5e13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582640.TMP

Filesize
89KB

MD5
ed90d86c9f443f23f7c09382515427e4

SHA1
2c43250c1f080347269f56057c2698b5bf86158c

SHA256
1d3b64de14819c6ace02ec8ba27332368f49b9520af454353d7fa56a3297bd68

SHA512
df35049144773bafe7d53decfb9f00797cc6d5a264d3d72ed3f430b62ac1d8ca9d4c7d73cee4d6b3d96e52df0445c73557728b027c8546b9f716bc2532ed63b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit