b2e3b3edf52c7b02b128beba207344ac58d9045076a3c3bab471a4b1e0a7b5cc

max time kernel
1800s
max time network
1797s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-11 12.37.45 PM.png
Size

25KB
MD5

6b7dc856f8c243f6f19b6919f9c3a1ce
SHA1

8b652199f0126eee7c36304046510f4b8b544f5d
SHA256

b2e3b3edf52c7b02b128beba207344ac58d9045076a3c3bab471a4b1e0a7b5cc
SHA512

68528343cd7bccf0ec068afae317ac0201d2556f7aabf7fbf6a4e843669289c4de1115910af54d3c9cc3e806104efbf1c552ea8a2ac9195bb86eae7917a2fced
SSDEEP

384:Tjze0/+KycJrKUZggOdglJeysrE6tuY0ek2YB+iLIJlph:vzB/VPZ/lOuY0V93LIJlph

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
229	discord.com
245	discord.com
68	discord.com
69	discord.com
70	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602584454632484"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{373FD7CD-C052-4AF7-86F6-162008E97731}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 4692	1532	chrome.exe	95
PID 1532 wrote to memory of 4692	1532	chrome.exe	95
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 3904	1532	chrome.exe	96
PID 1532 wrote to memory of 1000	1532	chrome.exe	97
PID 1532 wrote to memory of 1000	1532	chrome.exe	97
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98
PID 1532 wrote to memory of 460	1532	chrome.exe	98

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-11 12.37.45 PM.png"
1⤵
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff363dab58,0x7fff363dab68,0x7fff363dab78
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:2
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5044 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4852 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3276 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1564 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2692 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4652 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1916,i,13362431200103956295,6048922357093328274,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x318 0x2ec
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7b71e121-55f1-4975-ad74-f51d6765251c.tmp

Filesize
7KB

MD5
2bb94bc83f0066655bb21626fb204cde

SHA1
3baf5577df054216b41bd3ee78bdec2163771f6b

SHA256
d6e35004a273ba598f5b1446182577be82c5860948ef3691fa550beb30aa9c11

SHA512
42cfda6e72e474f2d2b0ac482bb4899fe9e757ef878281e3db962c2713df5260788fc10b2922400cda9fd62c77a8aaaca72bd383f6c34fa91d941ebdcece67a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
29KB

MD5
07bd004322d7b2832709191bddd0567a

SHA1
9149ed0c2466995a3b6dd5182865a78fd76ec0ea

SHA256
6160a9f25b0dba39f0325b3268e0c00e2c374fd278fd1e90edc2fa87271b55bd

SHA512
28de08cc0284652a62600ea99583a758e83b8c79e10982a8fb11058bb5bfeac5570ecc51b4c58589e8f1b821645839ea5639dbdea2071bd1af9d0d4145e2d944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a27e29d1dea45ca7e7d29c1781d45fc1

SHA1
6f900c17a28f333a859d9ad8d2bf1c62d9594111

SHA256
c5ac5ad33519bdbc4f569b6142e599b80dbb5a9efa146b6b4850fb7464a6469b

SHA512
ad2ae28abf9de4b82361698917b78c5805aa2195512f5d72a541fec5d7872de52805a4b5483fb1a6677c5bea159db554c6ceb16c27d71af469e24b92b69641cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
697e3e791d119079f7f9a2b73eb12ce9

SHA1
69494d2c21248908a7f964aea004ce1f968a4e80

SHA256
76998ab1c01c5d1421e6583e792fd1d05bc3f12e896f92af89b10b9c6b7be1ee

SHA512
4d127c1e2d252b9b21cb8c5fed1c526215fb7b5883dc0209a71cd3ea0db456072233e6e6787dc2b71de61807fb14e82eea07c162225b917e96107b0c7034f3cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
4f092f858d83cc63de31b148ebbd626f

SHA1
47872facc53e2d1ae94775135a4a8ee46bb50cb5

SHA256
ae834f7eb93f37330ff02db26b3825180c018afd605f619ae12631a21dfe075b

SHA512
1fb681cece492d7762056874070cbbe64e565da01f8e88b5ec2daba09ed00ca0db7c9bf930e9e2b0ba1d0096d3d9f1f8b3dd28f24ef7db7fa5a76e1c9e87f844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
30ec4d07ba8b3de4178f896264ae757f

SHA1
946727c2d8e11cb5a9cf9d377883caabb1167513

SHA256
72b3b6d6a2c6c614b6ceb0679d8b50b4960321d407366d59dbd4df169111217b

SHA512
b97e34bc5d6108e90a3efd55d97c8e350988e40e12d52db2a687bb153ac95bf52e3dea6712b809c984c9bcc79daf919de7e7687b8649c74331adf7fa0fad9965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8e139c3ea042bd67d5780c8347f1cdfe

SHA1
75978a5761818cd260207bffdbe8c5a566293900

SHA256
2079ab2750f59512a26ecc913b097d7802c65eb0548bd613e996a056b447c3ec

SHA512
2c967368a0403368ebb4353de072ccb690fa47316d719fe989eaaa98194e5a33fcb0085f9988c2f1ee6b6e30329d604114434f65dd9160379d8d45dfabae316b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d200f46859a4aa91b6846aa4b5c7d319

SHA1
80e6e7576669541a8756df3579be4aa3522cf69b

SHA256
cb041c050640455860796021424395cf9edb540cabfded86a557ebf1da914602

SHA512
5d3d2a2c97f2b4af8cffe631ee7a3e11d5d91dd8c0d6a88b689f972a0e05eeaa63d5bab6ad22013cea43bde09f97e70a5175eac4fdc69bf80d8890a0622dbc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
34bf67cb7a2d4afc98bf591837590efc

SHA1
4e35e25086298f751d87e3cf91e1d6f9be00b424

SHA256
2cc6beefabea041a1c18e4bbc15d1c585147f4fb9078ed4062ab808ce331bda6

SHA512
f8602be722d32cdb816ad4708f260416705dcfe0ed9770253261cf39e996434eb0d0ef9108edab2818ec1de78ece6561624a941ee5943eb0a6e12bc93a680c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a73f63671d8c30375cc93a6de16019a2

SHA1
b1efa1389d79a9df1460f3d54e013cd5ea7f79a6

SHA256
9d121bdd2d072b28d079b67e5ee06ee9d0613a9e4fa18d63882103227f6700d7

SHA512
f66696efdba76b424e3f777caedcfb8d72cb21e60a456a421c9347fd23a2d864ceb72aab72baf06859b8a4277151dd6188cf9bc9976f9e9ef9bf64e2676269a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
261391c04d67ff3277f767ef68eb4809

SHA1
554c5e9e882dac5822b35a1a4ef679b95d8f78ec

SHA256
5e666c9783b6dcf687427ef8041a1d177cb5d718ab2c80fcdd0e325c2ef1ed7d

SHA512
4cb13fe18239e096c5a2a1156f599822fd54c83780e1d21438d46bdf77747510a5b25a704be2f51845404aeca507be850b72ac4d9b76e599563e5ff94c0a6af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
df54c0f467c71536573c53c708430d23

SHA1
2ac16aee5a52c5c728330e33e41e7cde70a1210a

SHA256
ff0790a5ef7934096f4c1660e56b007a41cac67118bb116cbddad4e03fbd601d

SHA512
140f181df147a895e59d2509a26a54d5bba09838231559b14408b0e7d5cc406d181074ee94b9e156d8ef3018688eaeb3bc5569070b85aae6365943ce9092ae4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
124952017b1f86f076afa451cb8d1b22

SHA1
43f984b4dba41e01b23a4effdf31bc78f679b03b

SHA256
56b6b46be3adc02041c05e5a9e48d3bba0deef7953bf3e833b7433485959957e

SHA512
aad437a0093160409133f06b5677330639a883a552c60affe84fb6b743c183932b3c4a11cb36517f55b255a56617b082a9c760f7a6c41f595e1360fbf9f670fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d98a397ca1af8fbc2337e2dfb1cac8fd

SHA1
2123f44e6afd070f103101e6de6c619a3bc7d4ab

SHA256
8ba94e17949e3114998aa466cd6fd24d0e1a2f69c2143539a8117890f9a45a01

SHA512
0d00c0c861f24218cda385034e655d4d169ea47356e33d9982927ba56a3b3f5dca13a21b35f00f822bbd7e101b169cf304be2f865624383ec0d3ec960ecdd7ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
abb94a4c24129bb735ee796cf4adf7b7

SHA1
e53afab97fdddf71e6b2655795133749f97d98ca

SHA256
9c18075418710dff8a9794e5d7f12fb42f3afb76ed7dbcfaa3d5c3d20f405ebb

SHA512
524c2da7b5e35e49681da4f8c149d3fafcc75993213c0281668c12dd9ba29cab4f16a09602b124411dfcf6c080e97ebf486e934fcf1e06052ea822207d4d9c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aa450f7aa00b70f8de47ba49598ef9c8

SHA1
ac80a084306ddbae53c4ea68fd9237fe66b34f59

SHA256
88771e7a9b126772d3666d039f8530d0885b5eede1dac87448806d0853005525

SHA512
8693a97560b565d1756d7ed6736edb9d368822b8b5100f5189de58086407e23fd041e78bf9c03da13d7163083993b584de07c4214d0706849b8c2560409e545f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
13f1c2f19cf5b4cddb4d2a3093db2809

SHA1
0559f3eb63d362db84de9287b99990d2b9807233

SHA256
1acd86065aaf4bbfbf013a0ffe26b613587241685a0c86301dcaab8740b007ef

SHA512
65d857d959a0a74a6decdd1c7e4798474745e25445a872b2a05649a1c24ebf1437d749894fe2890a0f47d0876fbd7f8dfb1c55ce08469300dde825e7461769dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
959f79fb6565a4089ceb6c88041f2eea

SHA1
157e19799cf2777922e868fb82cf03fc2940b809

SHA256
e4b48f05aad1409c87012c6d055d3a66a56adb1e00e6eb2cd276134bb9894e15

SHA512
c17572766b852246ee9938d9cceed125b5e76f9e52252d39c3337662ce5934ec0563a6e5a8dc42cb30086be9403aa4be64deadac81e379392beceb3edb6511ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c35fcf3573688c7da998ab119238390e

SHA1
0b79e93a77d415fcedc7bd80fb13c62b9bb807fd

SHA256
6f310d1c02080f295539da926924c11c0ebb3b35d380f529841a3382558bf2d1

SHA512
05ab070515335493ac04c9c44d2978db455381e41a0cfd788642d0eabd195182988238fddbca27b4f3306a5aec293b36141a0c6ef415453844b38b150ddee481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
458d4db6f1a7fc7f9488b784569fd8bb

SHA1
d143e065a9e799050e4ae390e7f9f65556dea9c1

SHA256
300f9e6ba2595a7f7d79866395121c443b67ad20d3f17a0b3c0f06c23d7b08e9

SHA512
113ccf73d12d3bc8b2f946f594c961e1b5ca4ace2bc01e789b08f2aeae8aeccc89abd155f6eb50dafbe80ce692d0ce940d2d5129c35e35848690877812ea7518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3dba8904fab4efa8f585a1905276696a

SHA1
b572f71dc096678597dd97a3c0e5a69e031258a9

SHA256
1fb5333ae58db1c092d5e1f18a1e25f4a3afa4252effdc82b13daeeb356a5f9a

SHA512
14403aa9b1b3cf1c89e92191cf955cf32926b9a93e3b6366e2b239da8da5b4091370a9848d1de6965adc385c87932cefeb87656bfd1e44b4ddbae0533d56e03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ba7aea3f1614073287b70c09c80751bb

SHA1
79d162f01fbbd1619a2603b75e6a82fe4af2a074

SHA256
de4748c3359d345b0865a5448526ffc2a92c1ec520c973365a1b6b7c362decf9

SHA512
09589a82fb2d0e3f2a2832f3b3b94b9db03b12bb246115a1435b5c4594e9d187afd76c416fa2209a291dccc785ebe53eddc91e8a050506fd10061d3c28956fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3dba9ce07775ea075476f97face36534

SHA1
ca692cbf537dd138d4ed7d6af1dd739ae3580db4

SHA256
37d8144492b496f4d3850d2e7b4978ae1ece9cde8903e64d95fe3d9699a74218

SHA512
fc1f672422109dab51d1c8fafa97346fe7b358932c2082ed24910249cd5597f292cdac11304fdbfd03e73c02b630029157c3e7debd76b23649e84ff7e9eacf68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d506d8f8832977fd5eb641c74297fb3d

SHA1
bb4412060d0cc8716b4196f55cdd86a68f50bac7

SHA256
2bdfe479c6dc394980be99a03e984d4e2dfbc9dcd0cafd723073f420a3771789

SHA512
511ccdc0647da92179bb840d03c19679e14b43343404014f0d7bd3c88cd14563f7e83dc4021bce746d4f57495c40b6a1787a3fc70684a063fb40941ddef43777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e7fefcd3688292c4b2ab73ac9b3b271e

SHA1
e6b004e4659773d4c4d0fea59e5a403d75b1d1d4

SHA256
76095a03a197be6c20185d4482d050e6ec9b40c1699df4466255b4fdf2388c54

SHA512
57a5d2124c29b27bb5138739a1fe8be745fde810f92d1d8cc56bb9f80aa093f195f51bb49514edefd1c1f2455c2aa05a159e358eb359c3fe0abb71a7829f10fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
898284863859db19e402b9733c44a16a

SHA1
b8b3134fb2cf68130acdf979fa9de9d959d206d8

SHA256
5861517af1ba929e61a8e9e60893e9812acbe70e688e663d747840a5f301552f

SHA512
ba1788c9af54c8e2847b9fca74bd358a9d5156e7030883267bc3026ef7a24d28488add210528b4663ad06e0b28628869d6a84f143728059579fbe5ca358164bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
1c6d998df85afd8df7f2e115158ecc80

SHA1
2c4f2b5c26b840cce05e8417a7f5b268c8a81376

SHA256
053c2c32c655eaedc531f512b3a6c454cad5e676481e7e71efd0a981d1b86461

SHA512
b435e528941732a723dc6c2b9053cce4cdc9518292f5402a201eecd0919654365cd414d9b3bbdaba60b329bbd741fa7c0c260b29d0dc740376fa161192b00658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
3fb34b72fce0167160d954f7ba23810f

SHA1
efe7b636e50cbace19d5eb56502613650dfaa710

SHA256
f7ce21001c42e4b8e5b9b886c100b933046c7a9f6e447203596136c94960f6c4

SHA512
10963b028da775619aeb3ee12a797a39d71c534dc22d111d702b2060c16a26f32c2c282ee3b95fd98d1c72fa54938b9d20f29f502e8f0015dbfbe0b0ead4c1aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57aa1b.TMP

Filesize
88KB

MD5
b4f1441551306aa79781be9d7cb1b76d

SHA1
909b68d5c2490f324e510706c63ca78c2b975744

SHA256
464a7fd4f33defaab1e3f5b5652aacb759ee48f0bc7872f898e0c1278ea4107e

SHA512
a1b6735026d5242d1b4e2b2cd8d8cd46be16c0fb1bdec7aa959fd66acac70cc4c5544f97405b9b7c4c4d0cc97a79112763f7801df5eef5e7cbd096c7ebef30db

Download Submit