c23602e023fd51080affa1d1a5000ff7089f7f3acdcd5c34e453ff9ee8fd5ba2

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Luna-Grabber
Size

338KB
MD5

eff9190fbb71bf477f4e80100dd7202e
SHA1

bee0c3381c6da2dbf30d5d814dea36287efa5029
SHA256

c23602e023fd51080affa1d1a5000ff7089f7f3acdcd5c34e453ff9ee8fd5ba2
SHA512

80c1ea6f40ae1f21d51a624763014f56c9cd4cf11b90244065de7cf787a4ac4ef265b5575a8dd34266733d5a89b2e984fb164a9d064d0e9fb1399d1957c1ee39
SSDEEP

6144:+CoGO2n9ddKM2vkm0aWyRv3j9qvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0Za3y:NoGO2n9ddKM2vkm0aWyRv3j9qvZJT3CB

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
108	camo.githubusercontent.com
109	camo.githubusercontent.com
110	camo.githubusercontent.com
111	camo.githubusercontent.com
112	camo.githubusercontent.com
106	camo.githubusercontent.com
107	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612158286891620"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1536	chrome.exe
1536	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 1916	1596	chrome.exe	98
PID 1596 wrote to memory of 1916	1596	chrome.exe	98
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 4676	1596	chrome.exe	99
PID 1596 wrote to memory of 3696	1596	chrome.exe	100
PID 1596 wrote to memory of 3696	1596	chrome.exe	100
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101
PID 1596 wrote to memory of 2276	1596	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Luna-Grabber
1⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafc6fab58,0x7ffafc6fab68,0x7ffafc6fab78
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4820
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7489aae48,0x7ff7489aae58,0x7ff7489aae68
    3⤵
    PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4772 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4168 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4860 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4040 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=848 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4556 --field-trial-handle=1928,i,5482836947388801394,17473365640394221389,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
56806cdfe221dc186dd97540671e4d5d

SHA1
4cb1b93ac812747c7e0295b5423b2cd66f8bc589

SHA256
d76f84a0624c9f08038e529fffd0c2ba1266593003649dcb623f11cf14d17e67

SHA512
b2958b82f943d7298a073fee53411f677bd2ddde39323820d3a035450b2326c9a023c0be186c447b2f57ff366450399d626671089d0503d591e2417314654bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
315db0ca575efc6b64b8e2079853d3ef

SHA1
d11310ff4d676cf5c869a382916b4b408c13b6e6

SHA256
09c5c2f110ed478803546b4a7cde362125109a2199a8771e2d9dbff96f14453b

SHA512
7d0df7b02bf6d7654686621a77e12048415794acdde1fa5284764736d88881d1ecdea768510859a080b1a7a39849cb0486cf0494a94942c751cef9bc29190c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a6b90e4c040739d4c317e499798b80ed

SHA1
73403c1657aeea7285dd0c52d4052bec8e3609b2

SHA256
d5b40ccc984fd75905a341b002253045d59a5bff6174eda216d2a1d2da975a54

SHA512
da04f585da4544880415b99d7b703505a04992a4765249328b95779a6e424f8bc46185249d302fae08aa311281cef8422f6be7774ba1761ced52fd8eb30919df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
db6127fbe0a3e8e08ae6d864e315d343

SHA1
910926790995c1d56aee5e90fb06cc9b6667c672

SHA256
8efca2e6c9f4d6ea05fac53d27a03b2a7873921bcf14d70cf5f2cecdb95cc15c

SHA512
101e9f5c6a12e47af4cfa42dc407d72bbfd0d17fcf416e828c281b3e1692a86ba708fbce64f410b8904c5cd8d87bebf0eeda39cb2c5894f2605e640e42f7aee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e620c9dcdaed254f30f8877c951f059d

SHA1
bfcd74dfcda270f24d317a43e45d97c54ef2143d

SHA256
f30fd377b5a4e04292ec84da658de897433b30b56f7b0acdd7cd0d64bb090b8c

SHA512
c9b1429af3952d1ce7bf9c976f4cb170aaf00e7cfc0fae5492f5a0e4da39c379ace235f8070485c3368d174efc5ed77f1cf1cea820b05e6c9b121977bf3ef4ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
057c0193ef4a0adc04d2a2a56e09b056

SHA1
3f63f309cf8ddf3ca97d64e2cd6ba50f9bbbf539

SHA256
7e4dc8708bcbcd2d828fc305ec368ea23dde6699bf0fd5c1343f704ac16f7059

SHA512
c58b784ab059f68d1e2a12801bc337c2093f3cb26c3166fb24cfc1a93dc1b9226ed1a66d649e6ecaad9de149a02856098b3636a07ae2f398af81a38ea899a4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a30d0e829275395a1f1f09b2fe16bb6c

SHA1
2ec240062b2435f82da79d95a6db3e03593f0ab2

SHA256
4e1452160bd0c835c3b87cb593a25959a7739ab106227b6e4292a78cdaba3004

SHA512
2a6f3d3afa6a883a14e65c36be4dc9b25d00b175fc4fd428494315356762439218ae6863ced1247d707fa21dd03a794fc152333386f7f3ed91d98eb0c508b03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c7c2a47d20afbc2acd0fed0c4070e3d5

SHA1
31c0ff73004bd40eb7458a36efb31dee28da9ee6

SHA256
d20c384e2708e957e1b81228cba3d9c0c434a623963e22326875393d8147d04e

SHA512
3c85ba7b396ffef1496d86b1a147b8cd75ff7ed49667be6a60827fb462fcce111975fedd6c2b8a32546d46b550543757f92a9a55f67888fc5fbe3942428fee36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a03d75eb3e65f62f1051d526b6a0513f

SHA1
6b177683164ed9dc5ab59a91bfc37462218d28c8

SHA256
93f80c405d06b23773130b07aee6e972fd7efc6a80061a8e1574dc390f1f4172

SHA512
d9c5232ae967e21c789c32a5bb618bcfa03458995234c067f5fad7cb670bc3fd9d853a33499a50574a1706fa9dbba6011d30f5e822071b22b6bb26b138645977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57cdfe.TMP

Filesize
120B

MD5
149ac66996dc60273dd94099ca34ed80

SHA1
2c79ffd826ed1b7c034073385e69347a20aa765b

SHA256
a079fe8db06e3774459ec416ed12c5a0f2131b4db9d3e951b736a4e586d04105

SHA512
b3359b1acf2663b3218f1a201a1789a53757f45f502b80738b314ec5c802482796f2977e03577aef68f2b1a7baf5d6dd979b6b89130ed4e6660b8a50d1a754f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
e92877d64a017d5097f9af6830e8e89a

SHA1
3cc16cbd442e9f06f9f7adff60d822a981b55158

SHA256
74f5c3dd7d46ff0bdb746f65864acacd6885723bb3d818f6ef134976d7d17ec2

SHA512
fdc3abf8e1ca187f6e69dc6e4c198d9253136597f2315281c9c65137cb3e3ba3b5959846c3557cecfaf6f27860e81efeb0609fae319826af595dca7c18f8703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
2cfff8a7d045a3df898feb55be2889fb

SHA1
b207bacefe4d84a7ca96a94d766a25557ea1c1c1

SHA256
f1e28e8aab86c5153313d4ce820052bed590eff5c28e4a3fbd846538ca2fbfa6

SHA512
ae70f43e5e15727cc0ad3eb2c87238d580674e9c53b0969e80aa1ebfbdd67fdeb8c390199b07e120d6a4726a33c5f30e91755c474c8c98f542fed9119bc3aa97

Download Submit