eace2f108bf8c0d48db01df2b4be5591191bcca582dc17cfb3166ba8d065bf9e

Analysis

max time kernel
299s
max time network
297s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
23-05-2024 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images (2).jpg
Size

7KB
MD5

318ac157e1ab1bbe89a3524824a1fff7
SHA1

7d656b2683ca9ecd44dcb39462588deac4a6b556
SHA256

eace2f108bf8c0d48db01df2b4be5591191bcca582dc17cfb3166ba8d065bf9e
SHA512

84c424fcedfb6a11276a77d9b009a580764be6b0781a547f8149add19c6d1bf5d8791477626233e974e899705de4a951527cdf0a94901bbfa092d70781dd96a8
SSDEEP

96:+dcTMN0ncYcB5prVxr1Qaulw/52tWdPLPatiGCqS/Ir8fTx/QiudNNnDFVnJzFDs:BoOncBprD1Qa/UkU4qxYiRdZDJmkojT

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 54.203.171.68
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc
Destination IP	54.203.171.68

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609619367230213"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2932 chrome.exe
2932 chrome.exe
4572 chrome.exe
4572 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2932 chrome.exe
2932 chrome.exe
2932 chrome.exe
2932 chrome.exe
2932 chrome.exe
2932 chrome.exe
2932 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2932 wrote to memory of 996	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 996	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 4328	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 3876	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 3876	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe
PID 2932 wrote to memory of 2276	2932	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\images (2).jpg"
1⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe22b9758,0x7ffbe22b9768,0x7ffbe22b9778
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:2
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2012 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:1848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5300 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4796 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3016 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3096 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:1
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:8
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 --field-trial-handle=1732,i,12477288889287333023,16546172473104727772,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
19KB

MD5
00b8dd34dbb4d8daeb8b2c7de21bdf9d

SHA1
3945684555405b0c66b7b41429780deeb3b93781

SHA256
b715b7b07a23818211690bfad3ef63d2854c134f78955081b81fae9b1ab61b9f

SHA512
354a97eae60dadd9530b1b5c3e8b4faae61cfc1ed856f3455d240639ddc5ab1dcfffc29039b7a99f3b1d961b56a4e02c6747314d52583d9f4c5a7af89410e96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
Filesize
19KB

MD5
b5196359637fb6c358233044ef210029

SHA1
1eaa1e126c298a241a3f8c2ead587ebb7b3b4fda

SHA256
7fe44b1adc57e63b6115ce442f46f7785b8f167045b7d8c50d3fc0c2bbfd7037

SHA512
6495831397c7a3a3e5326ad3fd6e36bb36f3ccc3315723c0783d9b4144998dafb40cd5789461f24f45a6e27de42a29bdb8d708bfd4ed7b1cea8091f7748112f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
Filesize
18KB

MD5
7102c7435a7b562f2fe7688e41fc9f72

SHA1
86a9be9f9c0932552d5305b3b09c40a6818bc66c

SHA256
0176cc32ad3764488a2a98f92a2085fb249bdf9255d9137a992e05b77adab994

SHA512
8a0a6540effa005255edf7b4b41c07f3c8a4f3e003b6608bfa274185abe0b1eff4c5cf90ff4ead58a1915b0120f0a1ce3a89fb865d2dbcb91acb08d40c3bb7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
fb65a952744aaec79b845354615399de

SHA1
ca83f5a622bd5bdbd0d304e8d9100f047fe2c91d

SHA256
9816d60bd102d1d92e47acf141ebe058b1359949b8e308f10b46bc00bdbcc1f2

SHA512
3b6d6c105c38ae20bcfd77cfe251253f04f2d3424f841fe78fd2c876a2452084b603aaa517fd184ebf447b3dad2b9c05f2ccbfcbfccf074f3a237053a2f59530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
25f2c8ce5dda6ed9c619bb3428c4c6a4

SHA1
aa143cc384fc6c0cacc22f45fd1b45c9798175b4

SHA256
7953929f81328daf3b6a7e47da330a3838ab101be195c36cfff091474cef02c0

SHA512
a456fd33adba798fa624f2c84e29359efc112b093b40c591a7c39ec5874f5c6fe12a143c157001e441dd06b2464966f7ba4f383d74edbd26626eeb2bcc365f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
23cce3826e11668fdbf5156b760e0ae9

SHA1
dd1b53c17eaf2a04d5113a23e862d2d7e04b1711

SHA256
6f95006f20756b07cde68cdcf6460fafc8e79cc7724c0b0c3ebe1743c1900369

SHA512
6263a1e6dfe765ba3186d82ce5d3fc34e2eaedef4f621dbb3bb0cb4d862ffe9af9f00231c295f5702bfb58bcd9415b17eac1f090f24a97ff3c5618ebcdc76b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b808fdd7021cfd558e60be037d2c2976

SHA1
c41745500d3190d7df289486078a32c7982f1369

SHA256
0a07bfb8f33ddff337b8f1c6d1b7f83f40a030c51e050e3fc3cc2a88ee2fe12d

SHA512
d057c4301e7273c9ff776656e63a5be4fe1b166e4c2b6757426c1819766fa735ba7c4787dad39d7744f0f00cbc800cda0a768b9a6844f85a28e7942297a6c22e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c2c8d4a19129040d32d4598f32a12d6d

SHA1
5416ee9649e746501d3726ae059d3b7c197843e5

SHA256
790916c513a376a1d8ff7dfad4a0915ecea261906790dc39f1db2a8e56707d11

SHA512
a65888e93190de2755e5c4f80be854e7c2a235e2bd87a5aab48893fca82437bef1968b2fb933ec581af476f43d92e3905d1e08d4486ff67fdd8ebeb62de3d27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7870f088aacdfda32c95e546c7956dad

SHA1
166a0c2eb72573cc5d7002ca4c0374fe3669c2a8

SHA256
ec369cb1eda02516414d80de1e21c95ff9ef00cc1ba674f6c816c34fb611faf3

SHA512
83a677772bc8cb4791da3294ea4e2ee71fa7e418f8a1fe3610643bd72f866458f0c55f8d8ac610b30bd73962a4bc67b50a55ae0e37b726a87f5c4e17d99c3c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a0d063cd8bde6c0eb028c67850ce8c9a

SHA1
8b52804c8adbe07189d7f075f0dffe2a0b2fb3b7

SHA256
eb2369c4be400e60b357efcf5a95f99c163839e936427a6a5f8277ae3d85ad02

SHA512
42d01239abb6691f2d9f73b4d336e4f8d418d2e0e31401689560f70ced3ade3f6166f0421372b1c1d4f051552d18b507d79f769dbb6900fc589e2486be25d8cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b6bdb2e88c371c9ded2f03aed79623b6

SHA1
ff16a7813fb597c4e627968c600983e6197df05e

SHA256
11ae88bfa7f40d27b25ae8546efe2a8d8bdc086d6be2b7eb1a3757ca0b88ba7a

SHA512
68a76fe2785668129e446401e818be2b240a10cb4114cb928e46f8d8b296c6656f548530846d2f075242ee6a1bc2060f156857d388860b15c244c9f27a30dbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8fd1dba839a297b88b974252a8c754b5

SHA1
fff60744b2f6076cbae925a0f3d010e6e1e099e7

SHA256
eb44ed1033563e05f0da53fa54e563e40b4b1d797ae5ae217c190b48e2686374

SHA512
f00b987e5ae50b2a98ed43565e6048ddd91db8a0b8a27876af57c5fb390cd097e09a69261204db6001a4b4eb34c71cd8440f1996e6de2fa1909f76d850d45653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f14834112e9b25121c1efcd5c5077723

SHA1
1c99199f87cc87130eb9c3b36426542d52533b1c

SHA256
649662be979289cf64df9e9d11eb6853e53ea79c30f3339f4333f7a86593de38

SHA512
80ae7642f625a3782171da1cb4806b68d1235d2b7535181cca21f9261273eb8c5ce2c6f6e80285fad8da5e54ba74263d28a1c07034efd0c6a50a0a4eb63f1179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
84896a46efb3c093dae4d76e7630cfd1

SHA1
e7e2f14995eb739a57c737929cd3c7e063901cee

SHA256
ad180c4e63bffddc9597963397a02e97ed26aff932421950bac950da9509d349

SHA512
1cff3f82c0c0010bf5b0983962d381a791323240050c789119cdeae52797ec2e8a8a994a99dfb8b90ebb7bdc0bc8e9b080f47388858f8e4eee8270df792500e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
bfa8a0f9ebae3b9523625a2a2895c33d

SHA1
6c9a70271e860b5f7f975fb413552b3fa260fc04

SHA256
da9f64f6d9be1fba103d9836192898e2bab71d14f9301fe7df6058e6dd429f12

SHA512
5f77c1bd4d1d17f3ec58b00ae6aff7c20104b197dc754803f8eff3ce12b1f3128f044c29998823b62b87b39755b1b928d46ea3c901c691e9d7c01cf33e3c7442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5890b2.TMP
Filesize
48B

MD5
b5f188676f56f294affe72b7296dc89c

SHA1
bbb34aaae5ab00ac36b17131ae98c00dd15082f1

SHA256
0998ebd365a01aed3396d2e0cc62f62e92b6404d8ddb7eb6dcdf9377d46231f8

SHA512
f9c919c7af4abe1eae0e43fd845d02857e980a602be2ade7dfda20a3149a216b7b1f1fb98e80775a5dc8b40fb39d749b7664599e9edce92ff889789bae877082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
2067d62423c04c2e0134336eced0c03e

SHA1
b7b325f46b66b93cd944eb79d79f47e7ed3eb369

SHA256
18757d357f3b824ba324f18a40a70d418178d7d8a7e48d33ea43b0dbd31c576d

SHA512
51332789acc36147619fd97814a46cc67fe57b5f9b163acfb1be5bb6f60d22b9ac2db721b9c433fb567bfe450fffe5da3fef36945c49d1aedb9947ab4e7887fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2932_ASPTUYKOPDMZTXMD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit