hxxps://files[.]fm/f/nw4hjr6kxu

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
05/06/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://files.fm/f/nw4hjr6kxu

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620953208563305"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe
Token: SeShutdownPrivilege	3732	chrome.exe
Token: SeCreatePagefilePrivilege	3732	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe
3732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 2860	3732	chrome.exe	81
PID 3732 wrote to memory of 2860	3732	chrome.exe	81
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1232	3732	chrome.exe	82
PID 3732 wrote to memory of 1392	3732	chrome.exe	83
PID 3732 wrote to memory of 1392	3732	chrome.exe	83
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84
PID 3732 wrote to memory of 836	3732	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://files.fm/f/nw4hjr6kxu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff87658ab58,0x7ff87658ab68,0x7ff87658ab78
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4288 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3780 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4672 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5160 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5320 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5040 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4960 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5720 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2332 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5976 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5356 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4200 --field-trial-handle=1820,i,7410695252858938302,4732411844873898048,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c5013bb95783b5b2f97bb37bbddc9450

SHA1
1c53962da32dbb2470de18994820d7a340c0b877

SHA256
a1b07354e82e25b1c933baf63c2f3f20065df95707a1b9eb01230a4d05dc630d

SHA512
c067ef99325e9e2499c20217b94e49ebbb79a217f482cfc928b693713e546597c03f2f623daaae62726a455d803026f08428b3ec59306eaa4db198b5ed92eeba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c2846105d11f5a40b2d5367fd38b794f

SHA1
78afd0eec49cbe82784f543513d9f3a5bdb8894c

SHA256
25cd7a88c0ef4c57840c7f6e14ab38876110fff6253c323541315139f36930ab

SHA512
bb91321ca1fe52022a260725d4ba7fce10e1c487bbd90f8152cd9cd9336d166e68d133304ef00a2f7c69224e372e0ce701f76e78fd2528d33519c307810f826b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e33a833e86a67b06abe9bdd6c1610b80

SHA1
46cb3e5294191afa637d8be3811da37c87f974ba

SHA256
66cef6e275a0c79e069b316eb5b68dffa450da253f24b4eb06e5d2532f6e369d

SHA512
43d0d6ea35d7f3b5b6ee27d26c50253d0d4744a3287fe10fe193c3680f886dd7c458bafbb2307e649f181343eca56644b0441bd47ae3332dbcf9cd9062c20093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
1cd942ba633603b1434563132647b77b

SHA1
816f31b20a5c6c035428cd720443c4c774f870b3

SHA256
43231cf0c5b80bc6e9511653d549f17d3a548806da7a71da6b43c4f28c5945a8

SHA512
ff96256dd9589fba95f84306ea2cd1ae4af587cbd9bc03145985bb813ac3f3b55af54d54f146ba4b7563a5d411a4af3a7e4ae52855a8266e80895685b608606a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1676a1e4920b700361640f093fedcc19

SHA1
726931627835f20c29b233038af436b4a6875013

SHA256
5f64f9d5d9e9f8513d3740bd5834a78e7ba4863566ca5ca58ca7406405bd6069

SHA512
8527fccb35e319eb62f8cfbf33818eb2392d92e9bb81f4aa257dad58be742be8ebc7a9202a33ec9635efee6d2a0688412a09e25d691fe1e005a21bd36c827e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f8fef3f1494187409540bc549833a098

SHA1
71418ea148d4f94ef4b5a4ff037119acfd3c812c

SHA256
4a808736146d1d111796eb1d26c1e567dfe073eb0aa5d43524a9d7255ee2ddd1

SHA512
cf20f5a0e451c88d7f57c34fe30f3aae4eadfacf29f25884055f006501c8abfa170a139567692a790454611f886a9e267bfc874c69cad6582ed4e2b6d054c66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
30a4ec207f4e33c8cfc1eb81e9e4fa3c

SHA1
1fff8fb1e9385ba4b00e057aaa2cf813ea49460b

SHA256
4f82a413b6775d43c4a33224a1a5dfc1aa5bf0254f5891d6d42186eedef72e94

SHA512
91ddf1a2587e7c433ed2e3069d0ae09fc9834bc325cb6849a6b3478c8a06a835e378f12077bc1658842047be14ffec64b27a65428f70a14004444af47d7305a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c56584e5-1c78-47ab-bbcf-eafb701d22d1.tmp

Filesize
2KB

MD5
db9f04a3815e832dabef7579758c44d2

SHA1
e756da97d7879a480489ea73dfb6fec9adc96975

SHA256
73799ad4d8a2310aabc4e42af912a0a6f36473eb671dd949ec0150df4c474070

SHA512
b21fe353f059fde06933ea1925d026b626d260a79d8c6cbe3a9ebacd056aefbb390da3f40557bb7bdc10ef6b1378bd397554f2be71b245c4fb08fb20ff0b7a94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96fbc983065f6bee30833420c0cd5a05

SHA1
f1290d163ccc8a530d5aa94165ae931f372c4f2f

SHA256
cd900e0c081ff62cfbbda5c4e170eac96c04c1a28a299620715f1929d4978e13

SHA512
2bca71e028d544b28dc670138cd0d1b12d2839d9c7bb2e07fdc2fdc4501acb1fd3a8b3cf2f9400373ecfb0b22f44b659f2779c0697ea1f720943b8ddbc14fa9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
69015d5b4b8f649276e8b7c5be7949e6

SHA1
c71e411b83da4cdaf5138d55995e317de3cc54d3

SHA256
e7b1a4515c575eeb251154f4bd1ee38b9de607d350258acb15d62ea567bd8e01

SHA512
52725805e48222fb4397edaf723be2d5b6edfac45381b4cfbb51f0e780ac4e0e27d7ff3470f4c0976f5b8109c45e07f66133ee2530315959005869f7237482d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1fe0244d8c4ef2cd6a1e0876a0d1d44d

SHA1
3ef4aee8639b21e4fe6c8112d1f5f13d7bbf6785

SHA256
cd6da7b299359b8f2407ab1d1683342b3fedde55480d9067f3a9d1180c7ab1b2

SHA512
720d170a0fcad7da3b52cd374a990c8f2cfcb7e37312618ed23ccd396fb9cff69543f3ab2455f2ed35e1d9ae84d85c30d26c38948cf9e05c7b3e1960893b9819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
7302cc4edf2f4507ac98f05baed425a6

SHA1
50539ee5c53c604ca09d00902739b56cacf157b6

SHA256
eb2b2618a4a313463f38707a4e0f08ffeab603e612c8468136ec5d7f758a7609

SHA512
c367f73f63073ef7fdcaff8b47d2e5796250919504a6598ceb380f44ca98a4b7ac2a2591aa1c33bce5662789c2e10a26de251cf19609c31907b5d58c7df9c6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
c3543c5c4994706a2904cb97bdc78b4f

SHA1
5edaf2ce17f252f224827ea25f4b607f5c9847c0

SHA256
13bd9793dcfcf327dfc6967ec280a9ae36586cd11fc41c68765a2b3e5e032794

SHA512
4955a1eefc26abd9293fd45237e8e053292bc1c53479641b05015344840856a0faa97367cfafa64dd3cffca2cea0dffe96572552196757d8fe661989896eeae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
bf309c93c2c2c187dca703393370c7f2

SHA1
70728bd75444346f5a74e0a304b0ec3f25536588

SHA256
ad9487e43fda5a4b82fca024e53b8738628c52225cd2db6d0b37fdeb646be2b2

SHA512
95714eaf57363d3c191ada720b5ba660a43835517deefdfb55dafb1d36bd1d6586e974cd792fe5aa41b9a40ec0981e693b78543160d6a1210af2d5e69e8bc232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
298d762c1549dd90e26a8cd3758b7b0c

SHA1
a3b624bb435f472ba7e9c04badef00035952a57c

SHA256
9c4977b73c104e22c62a7197a89f14ea4bde25ebdf5a368031130937080f087d

SHA512
6e3901bcbded77c643880ef4a882d830b969afcdcf10689adc559bb28db0527bda8d08ad06fc847b145d4a74368f5222dbc24f095f0ecf5e1de9032b5231e1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5820f1.TMP

Filesize
83KB

MD5
9fab3bb043832c416de436ddd8934bc9

SHA1
a5c12fcf8eb63cde1dd8f282e14bcfb323614c85

SHA256
79a1153a889fa164938af8f729665480b9180b526bad9f6815b7b20d38e2ca3d

SHA512
253ee90db1c69a08745f9e8a762249ea83daba37bf0db746fbbaf077d8cc85d4907ed0caabae410629d27bdec21852ce9f119d27c089f130e8612d875b6cdbec

Download Submit