877078fa114267acf3873a2552a0af56aa79a6f109855494adfd7cc56a23118a

Analysis

max time kernel
299s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
21/04/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ahl_95.png
Size

176KB
MD5

1410cc507ab031f350102f11a69a03da
SHA1

984bbd8f98bb2f51c7a0eb3af0930a311dce729b
SHA256

877078fa114267acf3873a2552a0af56aa79a6f109855494adfd7cc56a23118a
SHA512

ce94fa1713c37f929fd1d6ca37d45d136468d6ce89f8eff4cd23bd45070c16e1e6a75d618cd13a4a2769ba8b092a0b4153b46f01b3ea6c88a807e63b9768f849
SSDEEP

3072:QAczOLy97BYvu2BkoVtVjhJpwUcCSA+RPld/jXAUeY5YEaPG29dWyhDmCuJM:wMy9NYvXBkoVtVjhJpAlRP/bXAUea4NL

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	100.20.121.79

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581977451835071"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
240	chrome.exe
240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 4996	1324	chrome.exe	75
PID 1324 wrote to memory of 4996	1324	chrome.exe	75
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5060	1324	chrome.exe	77
PID 1324 wrote to memory of 5080	1324	chrome.exe	78
PID 1324 wrote to memory of 5080	1324	chrome.exe	78
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79
PID 1324 wrote to memory of 4640	1324	chrome.exe	79

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ahl_95.png
1⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe8,0xec,0xf0,0xc4,0xf4,0x7ffbdbf69758,0x7ffbdbf69768,0x7ffbdbf69778
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4032 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4880 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5212 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5336 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3160 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1536 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=892 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 --field-trial-handle=1832,i,11051421885644013607,11559705110530552926,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
66662aa8e425db63e9d1c05b1fc64321

SHA1
1ceb30cae73a19ea5bc8659d117538250ced4913

SHA256
f53c35af2ba8221c25d41f3b5eea7f01db4a6432c845632f9a03c6fb0fe1ae39

SHA512
2814ae675b07d339cef54d2c3d9edd8be3d9e185c7ea4d3d41f43ba3757d11df0b124354abdd69ed052bb526a3bdc3d8829036ddb6550300b9ac092ea97a225a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
24KB

MD5
22f75ff92505eca80723b1320e7f6a6b

SHA1
75abbd91242fba3cc1525336dbef20869356c570

SHA256
83deb02239e412febd0416d1654bb2255852f82539757fd7872852d80f9ada3e

SHA512
48cc5de359c9ccc928c5c8fe0f17deaa53d0bd2913589a065a413abc323e8b6d5a7e66e18fbb6e583127882e6edd105cb5b8787ea6f7a5cdc521b3d3ff50663e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
150b26c48001e5d4f02ef2180cdff88f

SHA1
ddb7bed8d0dc585c35823ba437ca94a8a153ec52

SHA256
a9591d2c6f2d5212829be96c51daf9ca5b80b5c1e3740bd81d2a0312816769e2

SHA512
37c10551fd58159871481e96f8fe01357cf9eb75adb19eba547fc8a6aacd13ba78b803583976db2bb91857c29ef41214a19cf2036e9a8b50c969fefee3b26409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5017954bb8e30c8c50004e5347c572f4

SHA1
191b64773b41e120471c1f0659ea202a9b566aaa

SHA256
7e45be0aabde7775b7f4856f6e1e364c41be020b88195f5204c119fee17e74a3

SHA512
31ea45be5f27eeca31fd99872b935b6ec706824c791c78ca69690e7ea7316bd34f6c5a5f82b3944088b5845fb9d660a79cadb6dce31561b473a10408adfad76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
fd6019b7d9142668845377ca1ed412c4

SHA1
a60d19d137e500a5713870cfd4135d3a2fa4bf81

SHA256
31f18f5e7216260882478715e36714d61b886dc4bb7ad5d89cedfdeab17b7751

SHA512
7bb37f8a2df94d6d5f2f30b83793728beb2e82d4f48048f9b19df363107ebebda612b533b3b8a17a31c13fd5d4c4f1a8864edc765c7357e6dfcf9fdb626a3641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
95167ffd2e5d8854368889735d2b7c58

SHA1
05fea39a8c44b7c0c9b9d41085b1bb26d2cdbb6d

SHA256
44f0ab40a71c9c45c359757bb021ddc9f284ae1a3aec79f8398ee50648308287

SHA512
8e4acb49fd37011b1e6c1f41645d3ec346c145e170095968b1acf8b55c98e6f0fdc94a595c889a162a4f409af03c00329333a3e5059bca5ac4a70bf02cefa577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3abe15571ae7c9809e318803b7fe9651

SHA1
3300d79126fa5533441a22342a7521bb7e04da94

SHA256
57358122167a5d8753d322978483946389fb715cd38a4153475e3b9ffedd7413

SHA512
fe00b106863b2ce619f94791406eacdf793966f66f6bf405dc6a993ba350d265e61ebb27c137b1fc48ba13560c522f2d59c0ab8ab42d01a90acefd25635da628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba94706c9e860e8c019184e7143cae0e

SHA1
1dd39f5950264708218c1cddec8083f86af9a500

SHA256
7471f651548e22505178213ea1979b3c0f366df6fb6d79d4a05dbbc436656a52

SHA512
7e6518611bf9ac8ffd8d80737a3a5b2091bd7a554b3d15b360bb4fe1104e9250b7a0ca4262d42d2fb3743108806b4348d97121bd9bdc51f3de5e305201154949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
931ef121bc7ee12e29079c81be98d0d0

SHA1
fdde747e9cc6f3e781847c48f199a4953eee7857

SHA256
d29a0e22fa8c4c0397141fead5fa8fc0a3622cd7c698c0326fc463155c1a75a1

SHA512
89b640f87c1d461b155053ab3da159a26364dae2e23886e76bc5955750b2a3997cee642d2ffc47f89b84a2a0c6cdef83889f4a3137991281cd8826212998b166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fcdc886efe652ec89d6a2c7431c08958

SHA1
85a01ae5efdb6b70f8234616349e3a4ee326d99b

SHA256
4216f2d47784fd34236eafd0d23f00243bdfc7582fabda24fced4e56aed23fb2

SHA512
09e97644927d608eb118273c888784300dab94a299c0ebe1c5fad07dd1ea7358f1e499acd82a91661b6e4f089bac2d1be0dc7013be8edd9c3e1a005e527f59c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a87d1a029579e71e2ae90222ce55a34f

SHA1
f13417330dc45d4da2d39b7cf2aadb21494242c1

SHA256
fb67ff979d88fc231361a1da0ac940f51f79ee073d3c748607f24aa4fc115179

SHA512
2b49f5f77edc1962a31a12609b3c1da344ff8493ce450740366faa247210adf84235b122232da2f2e7179bfb82f08748892a1036ce3f7bc7dfadce121002876c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0d59a4791d5a3567b8136b7c114dd895

SHA1
d4e0736608b5835dc9bc46f17f91f5df9d74c8fc

SHA256
dc19d2b10d9b83b35bc46c6ad1bee201f574dce6c5903a8ed511965ddd0d0429

SHA512
d19c1a19bd16e709b02ffbe7b6dfc46d56bf23c605b58889bad5b2ccc010ae97957dcdea25ccd05809ca45f27f195a19f0fb04cf7dca5d9e94f64e69e5aafe4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d8783dba9c6a7596e59766cd3e30aa6

SHA1
279eb04a01fc4897080487d2ec0b451d5482c2b5

SHA256
40a9dc86e18c107f463e749c19510bce7be6f5e4b8e8ac064012d00c2750f57b

SHA512
76290c055530b7a365080373207f6a5b36a2a04a03af587b31b1d8dbe15c3be7736de11c345bdafdc0394d26279b3a79aca1b3468bda31563e5ead3cbe3c8c05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d9944658bd399848112cb1409abe4f96

SHA1
985f9f4dd1122b7a7cc91e99d5260c14317a2a10

SHA256
1ba98b01f9820287f0fbfe52357bddc716a1f47f480f9da307f3237514ffb525

SHA512
2eb897241a1ef7e29ce6f1f90657a5d749273a97e4e32d47393fdd7b23358f8f4b7e1890dd25bb2765d8201ce3c98c4dd59e680efa800507920b48b0b9aeecbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d554641976f831e65b16625f1f4eb71f

SHA1
cbaf2db7894a69e6bf76c0e98f7c5dbd1b7ba46e

SHA256
8bb9e83dc4bd1321e8677ca5babf916df8d880d91eed347cddad6ae5ae8acaba

SHA512
dcf68d92cf3338cf627f030b93f61dc117d7145cf2bca82765f14c08ef7983a3b0cad27057987a0961535664a473639a389863805b9351b1387cf800a61c1d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f43fde6018d8d60a1d56adf3e516888

SHA1
83f1d51b1fd1cf2ed3025a000c42d4760bdc3202

SHA256
a0e396d0f79d4f5fd08e19764d30a16da62604cb40c53c32dd70adadf8da2a68

SHA512
cd1c30aee14c96b2cb3d8d25dda93ddfc6aee2a24b710074c2d803266157df1ce39b049cf3e3e8ca779615c66e7dfc2b4ca2b44ea1d384d4e614bab360daaac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca1151f677017905e0659eab248b8f2b

SHA1
5d53a43b34cdddb30621afe041bb7a3e88909c52

SHA256
75207ce997eb344e774d2948e98a5ffc0ba6db450ed2b80e48063f2652fe1aa6

SHA512
6218831edcf4027ba754d7c5a397b50c878402fd4f89cac27f00f752672416ae089cea72276c474963ccad00f13b1243ac97c2f2a7a49929790a435911e4e37b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
301acb96844c2e7046a296633ab0ffec

SHA1
20fabd33c80dfeb0a9cdf6c9978e31971696a17a

SHA256
f4235e3c3f97131c71cc61a945e4d8950a9611984b1546dd99c769412bd205fc

SHA512
090870ad93de411bd57305a51f241f20f971f07f30412408a6356dafe2f127e2cab2abbe88bfdabaa6aa65e900ac62a620981566b767d835e8e2fc9cd8c75ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
08180199f0a9c7adf86f6c812fc9707b

SHA1
b12e2508f45487908de2a9645716d1046ed1208f

SHA256
966a3bff5167e592e10344aa3ec513e348f1ff94b65706309d91f3c59f47fab0

SHA512
5a73c5fe575071c7fd62452abddae0eebff9c78ffe655b4d7e93aaca48bd7292c6b1913dda0fb8bc1dc708fd2e24a60873568b8307dc46d8186a35448ee24eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d7355e10e1aaeb1fd22674b5c4a087b6

SHA1
e3ea2e8d3dd538b039b2e4fa8e6edea544d8db92

SHA256
71286ab4c900743af8ba3e83df39df3b7f70c70303d42fa8fcb82eab57a01bcf

SHA512
1e9ec45dceca1ddd2150cda68255b99a1e7e3612f6bd931b42c01a285776dc8674359fc3d6d91bf6c094b8f1fe68415d8c4e2d4f0666f233eb10185df4210c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
654a112cb3c45983cece3c3987b9e317

SHA1
4c1e7ddc0d0d58004c65fc334065e58bd2e2b671

SHA256
db4df839999f3df91b431723592d9558931dc26aa1e8df4e3f117699ae85e9d7

SHA512
4394e5ec56b75de8efc778dcd4021d6f7ecbcc92e0577b3508a0030c92a7e83f4e1fcba68c4359ec883b0182f74dce7fdcc931a6560e30422dd8db08fbcbf07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea360b86745a6318c0a467713c8476be

SHA1
a22a3f9a1ebbfa38b5041473cf46985f8ee14808

SHA256
a845a7fcf35a1b9fe2c5e70f23161b9d6cd892a2f392f8cc8df90e5fd799f6ce

SHA512
4ecf18b55a84f7f9f9586b3646b0d48491764a460f1107f940520c6eb34f6cecdfa1b23635f12d9e77718a3e8d7165efaf2b0a985aeb6a564270114677e33510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5acfa5.TMP

Filesize
48B

MD5
41844d827f593e74a5ab19aa99205351

SHA1
33d07d4c85dfd5df7b9afef83517138e5d9ec8d0

SHA256
ea010f3ba14b56acf3f50b4c689172ad54997d7973c9506e4aa924c489240e08

SHA512
a9a31337e37aa5f042767e2cd3b06eb85f089cc2aca4ae9b2a7a23597ef06db24de2563034c713aee5699e250ca277d9788bac07e863acf6c05f6cd62a46a775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
471425e93ce6bbf252c483f8c3d26d3f

SHA1
fc19b017adbebf632d06599d433fb13c4c167dc0

SHA256
6379d9438a42eafd4890769425fbf2f65d0214ff4c51a300585a05568b370485

SHA512
0fe39e2ca1f483d991ce57b0176d3a5ec5d1d579e44859a2129e1510ec212d16d2fff851f5864256dd39cfac96c6f0a2597878c8e2a82ef6739c7c3d7ec94da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
43dd6c01cc44ea380e17cdd40bf29fdb

SHA1
5540cc5756a96c867209c60f5d23c1f57b5f72fc

SHA256
fa86c9ea67fce962c44fd84ac5bcec16f6b0541351e47f1a1d37bd0f2a95f4f9

SHA512
08a6e8ef3c610ec48ec5b8754eb28314d5413f5de9e888881dc14c84c71c7d281b6bcf7202d8393bf7d43fe0e7b889edf2fb1cf1d414fa59a73195d150a27f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
a63dae2ff9b938bb0586935cde5b2400

SHA1
840540d2798fcb29783ad6571c99a50201a35269

SHA256
97fc83c8d9ef63a94c214dd8da0f8a6c215f0c31cd5ce693e3f8a1f7ba84d6e9

SHA512
2b111a828618387a7ca6412df97132aa55623b2cb46fe923b20abfb26db0c8bb14f79a0d4e18aee15e6224735f20b1e3aaef37bb8d3a359251f89dce9ce66c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a1e28.TMP

Filesize
99KB

MD5
cc09aab719f4c313101a632a11e523fb

SHA1
9e654fa61dae3a67348bf4b603dca0117e9f6b0d

SHA256
bb473124b08b53ac12fb4d77695b17ce173937f7b1887955a520302da9890bc5

SHA512
422cce80a735ceef376a806540bcfa2bd5452c2006c57966ed4100de0bf4f963b18a362b47694aa7434f3b824b86b83a4dbc1246f80664521ac49978a86d612c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit