4756b0df0279c72945b8458636ef48a10a120ca0c5aa888acf380bf5df5a3f13

Resubmissions

07/05/2024, 12:58

240507-p7s6zsbc57 3

30/04/2024, 13:18

30/04/2024, 12:58

30/04/2024, 12:55

29/04/2024, 12:08

Analysis

max time kernel
28s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-29 14.08.01.png
Size

193KB
MD5

c878a00682bede49df94e06e07db447f
SHA1

3d2c0e0abdd723598b036abf7b884a2e5f643b56
SHA256

4756b0df0279c72945b8458636ef48a10a120ca0c5aa888acf380bf5df5a3f13
SHA512

b04a31e781e8e50332f01c9f648ecd3e5448488a37dfc51a69c6c34f970d00cae375bb0217cca3d0d356dcece0c84c909680275ee3cdcb7880e5d0da3cfab196
SSDEEP

6144:2fn+ThcZbvN2X0M/nbj2lEL2ZSzCwjGUZ0/l8:2P+GZjMzbj2G3eLXG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe
Token: SeShutdownPrivilege	1892	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 2276	1892	chrome.exe	29
PID 1892 wrote to memory of 2276	1892	chrome.exe	29
PID 1892 wrote to memory of 2276	1892	chrome.exe	29
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2148	1892	chrome.exe	31
PID 1892 wrote to memory of 2516	1892	chrome.exe	32
PID 1892 wrote to memory of 2516	1892	chrome.exe	32
PID 1892 wrote to memory of 2516	1892	chrome.exe	32
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33
PID 1892 wrote to memory of 1760	1892	chrome.exe	33

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-29 14.08.01.png"
1⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8009758,0x7fef8009768,0x7fef8009778
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2340 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1272 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:2
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3304 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1384 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3616 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1856 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1292 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3952 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2856 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2908 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2768 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4300 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4308 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4512 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4364 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4428 --field-trial-handle=1228,i,14963066012568631406,6819448736802698328,131072 /prefetch:1
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
2bf8e243c72dea2c4aee4c7339ad697f

SHA1
f48ee34eb95dd2ce88d2c43c8b1ec7ac5db5ea00

SHA256
f0e4caa5e2db8164a4602353af6d7364dbfc7eab4b419116b3031daab4b3d01d

SHA512
10a10843f330de671df8bcc6cba5fee225ff47e803bd04889fa806e3db3c4be257a88415af1e89fcf344c4fdcd4c2a560181d4feb3b2573a7a829731c49f5b35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5076575b535a2867fcef3e538e6f10dc

SHA1
76e394ee18c12340c1af931b1a9f46e9369a80aa

SHA256
029abf90f54afd01b13e5a400cbd0c63cbe54adfee28743db192561ae5226987

SHA512
931c5c4f09abd040f784ca54144d55d6e8179baa90b4878dc14711f6d46d1f76d623fcef6757668aef1d9066363ed1cc3ecd2c914fea67330564532396a4c8a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62b00433b5fdf82bbea4f9a341fb4357

SHA1
366d3f1f96c3b433106656dc94a51ccaedbea296

SHA256
1ba99dad75dbc0cd76779fce5116bcbae58b2650ae4a37bc278ad47432fe1003

SHA512
94f26427599f8e6690114af34ac18c58159dd670e0b3b33bfafa483eec9880552241fcc324369f5b60b0df7c02dca279b93ad44d60dd1574d8c69097d275973e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c367f36f16c03c04857795340a654d26

SHA1
fc986e7a29a7a14a98a28e22db1cec4f9b9dc275

SHA256
0d206d6bd9ae7ffbceb4b6874ac23019b8e8a29e8c0f12cb283a2c51deebaaca

SHA512
a656dd5d85871714ef41e9eeafe60034ccdcb2ac3de756c3878e8623ceaeea353c0eb0c67f60a8a46bcb93902f2862698a2cdad6ea2328793ca4a1be0fe610cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fe8910347795df2939737fb980d513c

SHA1
8d59f9f93e80733217c3720ef65c9a0245ae2601

SHA256
a54e8953e6a0a12672440d7a479eaf4a6bd236082b6a51c17fcc8a2278326521

SHA512
e503161f8e4e63975f802b63b40438bd64e79211ea6a169212f3bfd7dfa831bbef336add7de64b3a9954f34a1a20d2cca5180e257da29156ef634ff65d67e60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
731b22c5b908864ddc77a417fd55eaa3

SHA1
03a7a9d82cfd1bb4d160f17177025e74d69167d9

SHA256
6e65ea2fb062d0bb1de65c8463925cbc610d4002629694ebeb2022bb1e7fc48c

SHA512
ad9ce46219e9b7f1ff07658cd2bdbefbc4e437f72f7c645572b8f1ed55187dd5bb79278816cfbfcaa3a311929183b89ce4c3696d70f55581c940b20bde22e65e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b69d3b254058d82dea54f1f6383ecccb

SHA1
e5a0217bea465681d5dd3b411249e18c5560354f

SHA256
354f6c973606c6ebda5488cc7cf39377ac0e4e01aaa4b593f49a13e50f99f2ea

SHA512
d2d7c7b8688cb248cf72e7d6a3ed299aca1d36c148e2e78db33292010a7d94d804075cae9e19ec8945b740b0dab553b8491edc1df983b541e9e1c5936f249c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
86KB

MD5
a8b87a51e56cfa32417c60150afd7f62

SHA1
4760193551d0ca806bee95519c3346ba9093a449

SHA256
ee852781678b2ba44fcbde55d3bb481fe507ef0f8fd2f1108d001188c024616e

SHA512
59ee8d91c193ace60b738225d1a5abf6ec77831503a94f4e30d7861261859b1b833cbe5a9927a6937f8bca9e1af4a209761d54782b10fbaf5482be8b187fbe5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a72f242f7b64ca1a46100216a70809b

SHA1
6e777b96facb2c7a5062a0f53a5f75eca8807083

SHA256
ca7c85d06f798b07cdf59272a7b266b9b26687d79f7a7e80b49f292aea093758

SHA512
26cebb941c4c9d37234afab37fafbd045cf13e3d956faf2ed9ba1f6b2c1a894efb2e738410c3ee0c270f2171fe3d50be1e4881b599d945ba5a6d9b733597d455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf77d1c0.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
0684ff2e205563b5e281356704b931c4

SHA1
a2827550d060e15bf26be21f352b4f9f19e63da7

SHA256
0e7f0a6cc0b47b426bcee81fa73795a295934365eea0eb24c8ba9577f9954920

SHA512
e1702943a6a332aec977133043de0de72dca2220cc279f1de2b2dc6dbcefdeed469941c3ccba823d2da0c75b98f8e81773a9d399b43febeda681650561342928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
48fa9f3b18721f3672c4a192d66b0add

SHA1
b8245e4359e075af7f07aee918f1a9b2f2994932

SHA256
d676c5fc9d44341d4927f4f995235467071d23a0deabf85d5ed87de1b28b9fc5

SHA512
17a2f59181d835b9b8754a82f85e623e03444727d6cd3f456d0b6d7ffa3179fcebe4f94dc073cc73a75ae4bd15801fc66c61317fbc4289ccb33dfbeb8ee26b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
00642055bf6e5670a636fa5bba6360b1

SHA1
0080016e68b84bdbffaf1bc17d07ad0874beaf94

SHA256
7a183df26c5eb66159ebc87d1d4d7cac17074f02f64bc659188cc7f6de5eb82c

SHA512
6c5b6a442dd72e63f1b8fe38c538b9ddbc80d6d9cd60d2591c0085ef449784b13ca5beede0d64865e3c2b411dfdb8f992d44edd8a4db09ffc9beda1b56d507ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4a4d56848260c0b4e6267c8db0101c14

SHA1
c3a3f26a5024912e2e105fdacb36a9572257062b

SHA256
7f2b0c7d280b15db388cb0cd3313a3926493442a6cc1d588ead3b70bf7a13f8b

SHA512
0fdfabdee8567c63c0ec8fe1546b7fc270b967fd2ccf80dd5890135512a2d7c317762ae61e3d3776ba8b612c9ac0c1b7999c8b977245ec610392e54303aea394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b3f4a7917031fd0b3bb1ba0a3d782aa

SHA1
38242893ebff5441bd2994e16f36ce338aea7973

SHA256
c8632798e723cc018f29df6ed5210575f39159c2186150270908ce86a4693682

SHA512
d13f18c419f77aed08aa8ba31fbe8d84aa56b7fc94faa4813e724e4058be02376182907339186f94506d27fc56dc6437ac0fb6c8d2f53bef5933095a953e2eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6e92911b1e3aa8f8ed4ee237d18d2bdf

SHA1
c77a5200e2f1ca60f8d5687da3b64944b5828195

SHA256
acd35bcccb286e689fe4dc6ce91edf0b29df133871da58f4e8e58a0a29c9841c

SHA512
faebc6e444bf1d65aabbdd890d70be4494ade8b0d404041a5340ccc3c6b6619c468a4233ee94adb31fadf52d084f3f3fdd9e2c5a3c692d413d5c6fb46f04c495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
3eb18d5a899025a95b397e3e9e71a09c

SHA1
47bd8cb4a579d1ded66187566748b17843d98ef6

SHA256
1b2b386cf5ef315f844b6b09c7286f7444c06c565c67bd957d08c32ab1309bb1

SHA512
60d7472177649784e63cefc9a7d61f7a3dd61b685eecbbe9d858a5ceacefcc8ece371c4d1d789f4d4d40c3533425cc687b4b5e88b73e2ce77878336de0e6afcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17c1badb9de6342f59c2b0da352b33cf

SHA1
fb722a428cfca9915facd0d4e7002d3e8c6ec1bf

SHA256
0c7df01adb8eb7342f4da744acbc51a8ce0580733f0113e827cd6d1549c34456

SHA512
efce910c4e2069a9952db4c5d45d5650b6f4a8f0b40c9a65b0646a0dd5c3161c70e284c66df80ed7c64b75ca433c6c7ed7d008aec8c78048093c0602da40f0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8dcb0f20a05ae4dca5e440ba055ee915

SHA1
88f763cc3839cd2435352fc6ee4191d5ec2868be

SHA256
4e20113bede0db2b7822b7a2113e7e3223134cd1445eb88989121af783eff594

SHA512
b0e29407dd3fd61a49ae0e5ff1d308d4a16662e5528a21f618d46bd893c99ac7c02b733c888efbceb1d3de23b827f614795354769a80ad47a0f12212994bacf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f104f1e2ccb297c1f72af08d5268d141

SHA1
6cc0ba4586204a28cc50aab0fd834c2b3d3eaefb

SHA256
eb3d6ca1592cf93af5cc021881f0e516c0708bfd30d3998b9c3ca12ba6602f61

SHA512
00c5d344a0c5190d849f0e7cf156bc623eb1794c536340051fe69cf0ae9bd36a592bef32b7f9a41cfc4bbfa496e2d3062de39fc6e98711f564d302ca2bb38f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b7891a036dedc21fc8181c3d52304736

SHA1
d9e374621ba0b3764ee7174c8ca51a5a8d3e3fa1

SHA256
3bf9fe8c40df6a52a48ff5cbf68170fe1cff598479121441de7ac0ed32b607cb

SHA512
4048af9da1c8ecaab7edc3168bd29447e96d6599c508437114b4897aace7f6471e08291eaa6eea60ad1ef3e74cb2cd25cb16e5f439c617ff28092582edae9e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0ae26def8e3d38c0b98d733334065d5e

SHA1
12434ab620544ced9dc884cc84f8fe0175fea76f

SHA256
3e96923e641e23e769b9cd136f41d0d92dfbee06a75906ad1140ccedb16ba465

SHA512
f2636d718b02f455e1baf7dde709bc3d55fd167fbc18dca5b4e1fc9af3e07d35c6cd3cdacce0784fb8a13d227bb014aceda35662ce9725fd0a7b2b6783bc07d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fee0412968dd7caf020f4d8919c55b17

SHA1
f531a30b4138353211a9ade9d0df22778a93a3e2

SHA256
d59ffabffc9cc131188f65b46fd61fc43b8f34a9541678a4a8558cf57ecc7b8f

SHA512
1634168bf48139b62d282c321ed162f1bae7ceeec8818cf6699012a6adc0138fe2f48f375918600cfc19ebcf2840bbd06eb1afc829a14eded01b17ef7e288fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0d930d5c1971d2d318cb1ceae5a80037

SHA1
487be5838e48965dd8f15a444635a7817f538357

SHA256
b4e33a59f10ec88d0d351f2c0d212ed242c7beab246cfd926adfc129e48d37c8

SHA512
e6704c2cfcb325509ceb60a29be3604fb74771ed4dc530cbc7cc1eb49a6e8cf53d1e936679497b3ff4dd1fc4b13a2d2dcc07fc362b5e0a8428984bc858426075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
94b16a4b2c43564b0e187019a6418a1c

SHA1
fb426d3e8bb434425e94ab0c578fdb5cdab7a97e

SHA256
1aaffcaf10737fe5d61ebca95054e3d379b837689ffb7841598f930b9eeb6eb0

SHA512
e3a290b444fb0f2ba6906758d7a7657697e297c7412e794155c8b72ea3f24dd8236bab06c0a9fff91e5849232a4575011288be01e4501366d2e4c8a5ee5a0b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
3ab90380193a6ad59309df1f0264e3db

SHA1
ccc4efbd3931817debe40c5ac39234ebb90c2392

SHA256
cbe29c41e8855c898d36af6759c8f041a5b45083e97bf8e4ef206c7c03894774

SHA512
2091e66cf337f247ae3f5742dc43689aee4675c02bbf1b6d2164037dbe53cbf99dcc87eaedd782c13068cab0c1921b3bb724e103e374cdb2c7f133ec0bafd671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
62d876c1d51d94767ea40efa12f89ecc

SHA1
524981a611cddbba5bde8a56a333ea57e909ed50

SHA256
10b311a8dcb1fa1c54c1b1956b60ae7772541536c0df7c447dc3e765e9e68140

SHA512
37f5e0de8e549fdfd2f2a68e40665215ca9de4633c288c433481ecbeade7ab7b9e7ada0afb6f9af831d4aa7481563de00c12906c7fa290df12667f50cbec9e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar37F9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 65553.crdownload

Filesize
5.2MB

MD5
c52eec089b9dab56e69fa5f4d9350d8e

SHA1
e89b321198835baa1313dcd1b7eb71fc75eac6b7

SHA256
d1a0d760bf92479e176dbddb70669d9c3bcbcf8743c5601517682ee300a202de

SHA512
894f3ece52ba0fdb7bf5eb3b4a473df66230be894fc47ba2f5189a06ec5db252f0a215d6062514c5b467cdb498555ef03b2dd26d6a8d76a25e121bff67fb4677

Download Submit