41d627b42ff2a81a4c463ae5078bd16ca2c7f23654f64b8cd17474c9d8558425

Resubmissions

Analysis

max time kernel
299s
max time network
301s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-04-2024 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RAM.zip
Size

31.1MB
MD5

35aaadad91ac33b0cb04483cdc49b284
SHA1

197d7d08176d3cb94734899559f660d3cd7a52b3
SHA256

41d627b42ff2a81a4c463ae5078bd16ca2c7f23654f64b8cd17474c9d8558425
SHA512

bff03ebb80ad3423c78c89e6da2499989b09093fc88894718dce8e97e15d34baa2f129e972d553ec5bfde255442dee34d487e1384db7d96abdda7f63817c051b
SSDEEP

786432:6AgVAJ+0HJe5XXKPzWPkNWcc68Dg6SJ5g4xZv3Qn4VZ7Mt1g:pgE+o8XXUzWPkNWcH8Dg665g4xmS7MtC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575254056206932"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe
Token: SeShutdownPrivilege	5048	chrome.exe
Token: SeCreatePagefilePrivilege	5048	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 2112	5048	chrome.exe	76
PID 5048 wrote to memory of 2112	5048	chrome.exe	76
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 536	5048	chrome.exe	78
PID 5048 wrote to memory of 4452	5048	chrome.exe	79
PID 5048 wrote to memory of 4452	5048	chrome.exe	79
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80
PID 5048 wrote to memory of 5084	5048	chrome.exe	80

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\RAM.zip
1⤵
PID:4532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd1439758,0x7fffd1439768,0x7fffd1439778
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:2
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4640 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5280 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5048 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3236 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4648 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5312 --field-trial-handle=1792,i,6546938603886600956,4545386956457212278,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d9e87b66d9b18a710720435591591533

SHA1
f80b3b47ea18d02f2bec424033d12f2e919cd9f4

SHA256
59e3dd8247b38957f800b6a7056a9f4fd1ed9f608c388e99e1f2a9470b0f456e

SHA512
f4f917372a29811bb2bb49871ee6d8ef426d57e3bb4d71e783f4397941813586d5ce11cf4a266eb9fd32a64775c55499d17a5741396a409a76407950960ae5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a51f3283d43457dd3d9e98f171e0706

SHA1
e32e31721d0ee37ab0b0b3a27b27a842ac32c8af

SHA256
08cbfa8d4ca0ad0867fa1f3439b5073c57c8e2de7aef962fc36d7d00f1b897b4

SHA512
de69834d1f1b0d279c001c948e8b4ed8fd713a74865868bf8e0fe5a2917641389c28044286a0101d6de8e0289a2f6d6747b5500762372cb2dece618a08b2f983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
d9a02cce6b7776c8eadee680601e1235

SHA1
ab06888236118c2bd7791dfdeaa478ab3beff4c9

SHA256
7dd8e47c1a084905190d41ca9a489248af3643671d69cabc27b24f58097a23df

SHA512
028ecd3c8a737dca21e951f67f01f29d6a516e89d07a33c80463ff57cb16c05a0b96b29b58a7c3e8ffdd5db04fed5887001c76b1afb5c80612c6d4bb7fee3926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4ffcb32b44ce6c65372de4fc8e3e52b

SHA1
981ef8ca10908c454a05d18d175aab5125c348ab

SHA256
8b0906b4bee75272a35bff1ccf22929128f42cb7883d1c74c774603b6442ef38

SHA512
349038a68f0848668e9ee4de3b5bdb60cd7f8fe8e56c46e7406b9c1a50c495d9db64ae64fdb5a8268a213e59b555451a0c48d95f0ed1827395289c020f345419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d0d7269ee2cbbbf218f90e6aa087ef34

SHA1
5bed877dd09f69eb9173027cbda64270e6d737c7

SHA256
35abb9049964b9b0fad50f074bbcaaf9b2f672c175f24c0d39ebeb2279e00b1c

SHA512
9e98a790d66c8b0242969d1bde35e0a893709b7f6f3fda38207806eda860ae6fe9cdd9d5e3b45abdc7d5544c9919d12ecd37481767df224bef3d3aba82d3d363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dec3add2a02474fcbf712a2a4660efe9

SHA1
7dbcb598fc266b342f4e03a5cadac56ce84d184f

SHA256
1ef4aade6d84bd2594bfbefbfbd895591beabfe1d945c977fe1da1ac9952272d

SHA512
abf291c639142d9750aa096f52b72e587891ab6322166e07c0c561b616f52d07459ee998f67ed4cf8ce5a6762fa58bde63ecfefa8244611c22a9631d38931208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2969e2a80851c15556db4db77afc3319

SHA1
a130ee7aab7dfa6e6183a5ccf3f95e89b3a2418f

SHA256
6ce27ab620ae821e173dc1f67c583eb0a4018986a1390dc750b477b884ad0a53

SHA512
7c1f3e8fb8966f2e6b10f36cddf46c77830040fa7395b94586042c87dcd46bb80f184d053327221f2e8e57f4d3f68273775ef0d580a38fdc9f402320eb9caeb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
dcd659cfcd4dbbbe1c0aa6daa8fe70ce

SHA1
956fac3519de55b1678a277c1a9a72ce00d491c0

SHA256
94783ee3d6c66650bad862a8a9eb44e9028d31083d13cd36637f0ae2bfcb684c

SHA512
821db75586ed1620fc2f0ec411d28bcb9b287d9379b927ea858b00afc450c3dcf51ce6e9cef69a65ebfeab7c15b3bf9fcce59bb0b16531417c3ec740d0e8ed55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
2da0c03b2027aa06676cea9d601f05b0

SHA1
e5f24a4f93487605641d685470f61b93b29385f7

SHA256
2a11fc0cb25a9b6c8783dd864cf64b89c9732b656121b7e0638c01172a9c0ba5

SHA512
a79662e48249bee9d39b12d046f68d56650c6da5175c34e6871b9b199d94a5a18366935d5e5ce463b73b2661a240d3ddf12958db32042eb3b184bd9542792ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590093.TMP

Filesize
93KB

MD5
fb419778cbdf68351e4702458e8a7cef

SHA1
ea9c1f868b89cd59c1ee585938f9200618efc0cf

SHA256
2ea9aa1ced1f1a6cccf5db86545317fd50466e8f61d182505b54a177f7d2845c

SHA512
d60328b9b3a7e6836bbca0c3211ccb1d738ecd845419f09305cfb606dd6659f4b58b20aef908e779858f8760c8b81d6a6153b5c33d099b86e30452673a4a225b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit