a6246dc3e8d3390d7924e4e909b5df32195e1d25124451f96b37d9b34c3dbf09

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara.rar
Size

288KB
MD5

c06fbc5f9a97d7a7eac5688c48f5f6ef
SHA1

0e94952afac8d566bda94cc0fbf1c38e232cdf68
SHA256

a6246dc3e8d3390d7924e4e909b5df32195e1d25124451f96b37d9b34c3dbf09
SHA512

86d773a38b2916cd749055eec6407b249c3215802c281e39f2c1f333f7eafc205286f7e025c8bfccae22621f808593319e2ebf05ba72f947d8e28939874d4d4f
SSDEEP

6144:gYkCOkMXzS9Q0t53bF9uBNK+oHs7t5yh24Lwq1NEoyfhCoC:gYAbzS93nx9omsbyh24kq1N3ICoC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608631147916669"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
464	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
3796	chrome.exe
3796	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
752	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of SetWindowsHookEx 49 IoCs

pid	Process
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe
752	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 464	752	OpenWith.exe	102
PID 752 wrote to memory of 464	752	OpenWith.exe	102
PID 1532 wrote to memory of 1492	1532	chrome.exe	105
PID 1532 wrote to memory of 1492	1532	chrome.exe	105
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 3412	1532	chrome.exe	107
PID 1532 wrote to memory of 1684	1532	chrome.exe	108
PID 1532 wrote to memory of 1684	1532	chrome.exe	108
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109
PID 1532 wrote to memory of 4144	1532	chrome.exe	109

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Solara.rar
1⤵
- Modifies registry class
PID:1556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Solara.rar
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe8070ab58,0x7ffe8070ab68,0x7ffe8070ab78
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:2
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1948 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3632 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4400 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1732 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3112 --field-trial-handle=1984,i,6351304611428248271,3896681017259378835,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3963b7952878d6a51c71929856a191c1

SHA1
6fb56b6b58587c9d8afe6c555b8f1707a798d605

SHA256
c95c60c8181e7d4ad61c2b65ef74c0c1d91d0df347a9496195202e87b258db21

SHA512
16015c636d1b69ad5b6bf2de41f7bbc91b0ad96b589924c21d2841c8153b479efe1f107b13ea2594d7db73f2a8cfb80b76dc31533d239b663f3d36eddf6614aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5740f05dc7d4638eace3e0adf2e92d22

SHA1
24b9b5a8375251f4ffb7c30c50d1de304f4d2369

SHA256
8387a5912153965fa6089e1fde827f3c0a3de233e26fc2435a9f9aaccbc1759b

SHA512
fb60a84446c43faa6ff35ef6141a04bc7347f3414e7712c48da9b1bd9869b3e91b3de7b5f353bdc8585729084f659de440167f4fedc3f453be4155cb00b16215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
ae206fdfc47d442605a1d0d9069e44da

SHA1
0a96955cec0fb6e699e291899f68e2b201d9b74e

SHA256
56e6310bc8f4227335867f8019c6a02a2a8f185d4505660ff06db45c73b86345

SHA512
5efb4ce9b407a6a434bd7e78ae527847d6616bf117ccf14a778ba0b2987fbc9930369e42082a80084a7944c4cea04bae4b7ff125edfc611f2f1da3cf3b1ffb60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b5613b6f3cc4189d829acee4da4767be

SHA1
3c8c83efe4f70df15b8e7a5b18e93a7680fa2259

SHA256
31ac886c26e5f6603f15a1f938df08e4df97cac57469b826afe2fda681bdb883

SHA512
8a6b598653253ba0f2bfe63875dc34f2a0321ccb25a86ef6f506086f31c1eb231b54a39ca8e36f93c7a9f1110e9159fa273ba55aad4e421e35d1df2ef8bcb7a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
da08987d5337a0ad079ce9c72737d4ad

SHA1
690075de7ea5d8a0c7f8e7283781980d55ad2cdf

SHA256
8baf4fb9fa94bf0b2948d8f8d0b84c456257b40e4b18a4ecab28d698604990cc

SHA512
e2e79ce137b22ca300ee6c1dffcf76e657918a13a3f7289d2d47623172b5889f5490cba1b1346d64ac0a228950baa6b2a3d75240f19f8e9fd1710ff91d74c40a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
20078c86f8671278a3a62901c76aeb95

SHA1
b2ed14e6b4896337498f0b4aa2c410611d9370eb

SHA256
a06959048ee18356cbbc9166a33aadf5ada7806bb5152f26961f47164480ec65

SHA512
057bac5e37b54565e309a86d1451ea12e80ebfd61362bcb895602b331a6b39cbacdde3143dc3d3c1cf92c3dc22b674065aa3321bfbb6e3f1ae4cadaee74ae5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
671854b98a4270a33e98516bad046b4b

SHA1
47e931cf79daced6d6c30b2f73e697834f296431

SHA256
538f517dd6232607142c25d6ac34afd181819af3255a98c770a4cd60e4f26391

SHA512
4c16d7f0da47c3c7cc97bb78bd4f0d41c03169c0ad98a3f6dcd6204da8521b9134291d11d261be5da5d2222b9d31716f3b57b7be3364a1da2c6ebbf6918e57ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
208dd6c02376522f00ab18a68a241b7a

SHA1
256e84847b36fcf1fcc759c0cb21297f4794ac9f

SHA256
d1ac733dc005ce5980915e396adfa15166284168b24bffd9b6bb088d840af483

SHA512
1ef5718cb51e339262cad4deac10fb5749dcd2026fb43556e44f832e6c6d75e87f2a9ac8b7972db987b6e0d8bb76a93a37f7099f811245acffdbcb92cf473efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
32c529d53b5aefc17330aa292c78fa20

SHA1
8bfdf2669a9d5f347fdf743a43819a656872e6f4

SHA256
bbf5786d5eb3111db876f383789d57947a9d5c71353a7fe2405656633cebffeb

SHA512
4e1815af4dede39f8b0464573a3043861f421a85134c30ed84249163c31e3305a85fdc72ddca4f026da486e7cbe673497f2f153d2023f915615fc8e5fc67f07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
d4e234cc2fe5ea55ea0a29cfffa75dcc

SHA1
8c92bf9b81e1cdaa9a1a05fef171ea8cffbf8d7a

SHA256
d995e798d7a853e6500a4e8d9a793fac7b132bce4361d5e82531eb125c5be1a9

SHA512
1f4540fd129679402f61e01f960476d67f3d489252055186ac4ba0b5d00ecd43d6e30025dc1ef1d9a4cb9ade2275d48aea121f8ad47cb674acb83f8a76dd11a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
78b04a2da0951f4e41b2c986a2599468

SHA1
b98977d1c577f7e8faaad82cb33bb633e6f6452a

SHA256
3b04443aa72a9519758e01c10fdb77a74f4edeb46c03017edbb6efd4523154c9

SHA512
abeb61c9ff59d405f82d4001e45e584adacdfb2923e50916dbaf6bde1f06a89124cfa2442bf393139f936fc0e004a3e74780621fe839c7e382e89c716c1b51f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
b7a35f591f2714fe53a691293522bf73

SHA1
f24928d27fd121bef62ee646030f85714febdbbc

SHA256
5e1cf22a3f395d1b9eba48772fc8ccec4b5f8ca0a98989ad9618d13c4eacb160

SHA512
253654089313f452413516294e86f464a8d6f4a263be580f35ddefaba113ca02af964490c8fbbce38c0888a054d1776095eac4990873752c5ba6a76bffa796d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8540e5e2ec12080bbc4b6a00b348b070

SHA1
d125741ed13ecbb3e218b3f7140114f38c1c6ca0

SHA256
02f9ef81a07cb2d8ca59c2573f9c66153acc5d7b523e232ace0b356fe82a2e7a

SHA512
be987fbbcdec8ee9b70170e31b9fd35342f6401e04c97d83c9db5182a1e277c4f055f7c0309f1d3e21a38080991bdd71d44ffce08dbc2c9a74edb06726f48853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
be8cae88b78d2042c24907495e91ff50

SHA1
a4b9c29bf14b8dcffae66e8be54807bdd8d89453

SHA256
c89c7db360325336463754c316fa7852781551779db316e871840e6ba885681d

SHA512
d7c63b7ee8bdb717a52df2f9df0bbf7cdfabb69774f8376394f9c2ed8ef3c225cd79f7eb75f5563dc1a9fb0420ca19214f26947397e741ac54b97cc5b9208e40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5cbae33cf787aa5ddcc1974fc454fc7a

SHA1
f2decf1e3a015942b3eb50e4adbf2b8934a51460

SHA256
b9022637220349bbaaee1cd8590f74dcec581e2d9618390c2d104fd677d38263

SHA512
4fa5088df9819ce01bfe50fcc4ad39a5308ead3ebb7c8564b52699f8ce6d50a66dea7e868446fb739af2801fa6dfce4200145c01e4bd3b25dbdac5cbc8ed7bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7aa0cd76bc4fd8d79c71262b6fcbf36e

SHA1
42ecfed1fd9e5b9bd257227615b3c5e34d5cc622

SHA256
d75f22d452ddb80cc8c11a8a7e76d9f4d7eca9f65ced0758aa463482ea50f6dd

SHA512
06973b5b7630cfb4c203a99a7067a0cebbd5efcc5f5edd8fcb711a8d54a9f6d3d292e37b30f3f56f5224874136b9ac88360bc95f200b5c4dcaf948d911b9c934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
35b77f3110c605d0413d9be46349a3c7

SHA1
f75d3799b00983efccedf2090d2d602d76ad9dc3

SHA256
477583e3f2497631ad83b775f6e77c0e92ef5a4e3e1364856512c7c8b35d3f87

SHA512
46241aafba5e26c2e3d035872f04020c93dc088bcff0951c3d50407e18c5dcb9d71a007f3683f8eb52aaf794b05324d5384e6dbae4db3e320e69fa1301e0bc43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
ad84a843ce1a2c03cf1e5facd0801454

SHA1
915756adb7cfe2d0307419bbfb7b0baafea525c3

SHA256
78d5afad662a200b9ef2a1a200b2f33ba05db029775f4134d927be2d390b80e3

SHA512
c9ba0b5074673f02c6f4ee64b086cc50078a7e2b68aa22a52851ce3e0f7c60ed30a7a972e4656d18c96109d3cb23b10d4ab6fa3afa0150a0d756fec1ad0eacc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
6e389b837346f48123b2a35c93b90a3c

SHA1
cef928354fb9f30bec3bb97246bee5f10c6407c7

SHA256
8d1023d402a171980f3e0ef748d4b5aad57684a4cf45657d31f4735847fb5220

SHA512
30dd036ac617f51fd024b2a3263fa7aa3f79bf7f7029c310b1e3b17ed05a189238f02089c3efc4272d37dafea34088c6f16ce0acccaf4d18370d9c9245074977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
8066c86212790ece2403f03f55511ec1

SHA1
e2d36d3e78c05489561468ac8ea5b9187266443f

SHA256
6160f2ca4391597d322e6a0d748b3aa56916d34d079cbf02ee4b7b3df049febd

SHA512
0653e994275e85c39e3386b48834b8c03ea338497111c266c7609c0ff6dd6fa9636a2e6dfd0f76c2d9dab39a37b9f40c09b4f91a2c5f098f227fd2e5459d3c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585d0f.TMP

Filesize
89KB

MD5
2980b16111f6d2a875cafac12425713a

SHA1
f3fbf4458ac64946436ce4da4bafffa0dbec0b88

SHA256
2d366a1a921a66eee7268a5d735970b394ff0580f706c9676983e7d232694d72

SHA512
9b219b7478cbc5f74f2c617cf1fe2d3a734b0e5553f283a4a149485e408ecfa7d4f3be1ec6e05a0ffeeda6bb4db8d8d6482d907008c46104bc21ebe92ac4681b

Download Submit