30fdf8ccf1ba767638e1b944141d85c95a193d77c97e4ee33e30ab00ce1b9fa3

Analysis

max time kernel
1799s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MOl2Vv.html
Size

514B
MD5

f908a0ae96060a44bb4be1d5a1bea515
SHA1

50ed9c0bcb9b625cbc65b1d34cb5fb1679f7d787
SHA256

30fdf8ccf1ba767638e1b944141d85c95a193d77c97e4ee33e30ab00ce1b9fa3
SHA512

e11f3e4bcb9dd673122a64474631d4cfd674c79fdb71894b4c6896b123db088048c08eb34d1d8f6b3184ad6b8a525b66415d31ec9f42c7426f7c958ebfef0d8e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639750191416236"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
1220	chrome.exe
1220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe
Token: SeShutdownPrivilege	3432	chrome.exe
Token: SeCreatePagefilePrivilege	3432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4572	3432	chrome.exe	83
PID 3432 wrote to memory of 4572	3432	chrome.exe	83
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 1500	3432	chrome.exe	84
PID 3432 wrote to memory of 4404	3432	chrome.exe	85
PID 3432 wrote to memory of 4404	3432	chrome.exe	85
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86
PID 3432 wrote to memory of 3508	3432	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\MOl2Vv.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff892d1ab58,0x7ff892d1ab68,0x7ff892d1ab78
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4588 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3404 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1544 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5204 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5344 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4912 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1068 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5612 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2108 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5400 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1840,i,3740872889382728968,2271354588869952209,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6fa821b4-989d-4fd0-94b9-c5b03dfafc71.tmp

Filesize
7KB

MD5
0859c9c5d3cc5ddbba195e778013e430

SHA1
73dd376a492d84af9525658716cf9420af1412c6

SHA256
4fe795b8b9be9d71a5e2ce1a0c65ab268da5a5a86f02b1b7b5793cdf77c2e42b

SHA512
39af7b475435a2a2e9d219c1f142c652c5ad2488e48408b619497b92ebc8657a5cc1228098f44dbfea3d09d6b6fe4e27128b7988f83c163b6e280cc26836bbfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f04851122c7e6994ea19285779819eda

SHA1
0b3531a0b1e4a019906959a17bea7eba8201ec42

SHA256
b5b6b369ff3a3665e3bd2e8de8503fb4204a77d7ce85b8ce88a4a2409f6e576b

SHA512
ed5d42b78ded76ebb5d9cd0980b72fe456cd0c7c64a4aea77e5925684a185d74cb9cf732a5ae4528885ec6446c306629234fa8fe8f7e0052f9f01aad44b18b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07be707bba0d5bb024547c6f98867cad

SHA1
dc4492890bd540396a3aa10fe9bed03f0a3dcfce

SHA256
349d6f8d9ed04f16ac99972c614f55ea83d2dad838abcac6a8704fc72134536a

SHA512
4b650cd13e5ae0edc78dcb29722ef8b03a54b8205bfe93b59477bb19185d0e2ff8dff958f0ef8e290759288a71b72041cb827440b1f7d1f928e7a956d28121fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
877353cd27d11b65c63623aef53b17d6

SHA1
6f1578e6c24d0170ee7c6d0eff20c09ee18468ab

SHA256
c16426ea1d7e84603e45367832d5ffc6b00a47332c9198bfa222e859a9583a99

SHA512
46a364aff2b3fbb25b98b54c8cc8dd0aef4d73f9786b2f692caa8bd1a66d21661c88e6fd4c503f0c25acef8a59f30b770f02247a81ba9ac750b95f8ba2ef6727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7e8510b3e9d93fee94c1cbf7c03c5f7c

SHA1
888a73fae896220d07d53f4c2318aafab64f504d

SHA256
7010b174dac6ee08929e6d33b965c20d3910aa016eaf2c1e8670316b393522c0

SHA512
ec3170f27feed345d82ddfcd00580e68f9c7990f86ec4144a6059577d48fd9bb02c8580b100d6f6d75d846d0afd67f2a141bb68e88ac4bd8373d634d800cefb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d0cac08d4fff9e519ffedee098e34a34

SHA1
ee98191f91e5b5a3dbc3d4260161a69d22136cd5

SHA256
81ab4ef1e7c843df989a5c0d3d8284a22726c71b695f6ea83fbd510d05446084

SHA512
6b1d8197f00e531d70fcc9658c1c63bd233135461482e5d4fb73937691d97902f1cddd9b3c88c0532cce1b9b27cbffd84c37ce47ec2ba51439555356d7e1c0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0a582ae729585e685f5c0a32e092df57

SHA1
9ec9d510f041f7f2660cf83d454af726446e8536

SHA256
262dc72affe33150091ec87f3375452ed692ea932ec37c9e0ad9d02cbd41378b

SHA512
49437e2f3e129cc5601111a7cb89ab97213c7020369cc43ffb79600b14e3be639316f447943c8e6931b6feecc8fe8d1928048e4afc3d660c7a52a23c83873b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d06645ea7fc2384d392cb73960aae257

SHA1
4548d2e7e7a5a941894fe2cc29f844f8e0cebc33

SHA256
cc1eff64c1c362ffb12087fba4c6a4551c5dfb6e2fc6f866587bb6c974f12912

SHA512
b3b1b6ef57f95d0c8e009866594668a35aef0b30d0787c08bb1d08a5382c055736174fa8ac8176457335dc9e3436460c07478bf8ce06f6cf1c8f0172ad5aa231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e404cd8da72088599d91128fbf86ee4

SHA1
b9843d1493dcd6a97db3123e1ccf59c6c69b0f46

SHA256
96dd686064f9caa02bcbc8d02d68b38af04164ed0bd7ac45a854ab01dd263a15

SHA512
0d9e3393a56dcfa52d305a028cd183602b4d9390315ff4eb6aa71eeb57c23128fdcf871598bcf2085dc5acd5c2c69b9edd649d75436d11b6ff0f3b80939a8350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b4997433e479dade1d46534239a68a41

SHA1
2930a59fd2292d60632ad7026db261af2ac1e0d2

SHA256
5e474fbb7b748c68514c4ba57f310fbba1418b39f6a6eaa50d3d1e0e91767905

SHA512
a8e08ad790cb0cb920fd3d5c2345b6cd76b620d485329c91ce1251171fbb08d0b20824489e03e96084901ec4de8d0f0d3212abbc767b00faeeaf4468fd27de2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
73c5e9476c695d3be8ef4b095dbff0f6

SHA1
35497a615cfd80db2e7704bd8734fa2cdd5c0b85

SHA256
94913fa43d8983665f5195d5f27668b388ef18c6608acac0043881d9f4e42a1a

SHA512
90bc37c587b1a4032cc0b251830f6f99f3da302019436e5f46e96e1b05607738d96e4404c3cb739ce3b354c8c96a2ea55c0f07a6ce0b7b31dcf69b23a0d0ef2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c5d37b76cbe88eb3356c486016b3cdd

SHA1
70c73bc2b16c1713ec14fe8b1eaae91bcdc5e73d

SHA256
50f2656bc0dc7352131015ca8f1fe0c29d5915aa01195fa95d6b9502803f7498

SHA512
a18950f044f160944c331869910c2174c7eae62ea8d9aa400d1e322454c1621fa842c515044b92d8baf556e16b86ecb9814fbc2082d9e5a183d6c3ef2ddda8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
085496cb8807b9e44ced9a3d97024203

SHA1
3ff3cfa1a8ce5a34c1f8ea3baecf8ce612fe60ca

SHA256
771138ce2d391367dc8372319d4bc2ae831cd14a18c6e4b03c433d1d73f29189

SHA512
89fc41a1df9cab088ed9d00031933be9a8ab1de04a56a70b279c98b0d8c350da5ea7a05cb158c9d53cc01e016315cb505d273bf56e42a6b435e6e84271a50666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
09d966a76ff3e490e6e52a7278e35d18

SHA1
a057144c3784eb57fc9814a693402b199beeba32

SHA256
b31a479d1a04ef22a3d410f4e661e6aa2897ee58fc28383d35c39cdc6eb11e37

SHA512
0cb0632c56d6b25abbf13b2ecde2cd8f66d8b9f7b6cbd4dc3df60376f79b2343268554607bd79ab6eb21a110aee70f226fdaf9dcd2ca6e0fe9a9d10401411acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
2bab8336d2580c656a20a50c721214de

SHA1
b906ff90663c45811b08996a9f743c6ec7d20154

SHA256
a5bf9b17d8eb66361106582e0e53530568edc8ce3b791c3cfb0094eab662e8ed

SHA512
e67c587f20dd092e816b56bbfc75ca7260c074d36192c0c83eea80a307a3dd1aa6987f070259b54ff130c5d5579e9a38b0ea79b8bae8f221bff6151fd54bc276

Download Submit