e7c86a734df3942463079883b96930f223b3cd40b501d32c3d143687d546d444

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NXOV4.2.dll
Size

1.5MB
MD5

2fd3f4348ffc36ed2edb18c1c204bd3e
SHA1

1295a7987084a4c31a561518b4ea936ba05701eb
SHA256

e7c86a734df3942463079883b96930f223b3cd40b501d32c3d143687d546d444
SHA512

97fc477cd153ad811ceadc60443af544137fd5197c7ba99f6dc05e19aff3d8d364ab41efdeb87b067327d2f4b331173efe1daed3804d8594bf62e046f5399d73
SSDEEP

12288:jWcvWYVU2jcnUh2+gkE+sPIdAfBXjvtQ2U1YMGI:yzUh2+gT+fMfQgI

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643222371873770"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{E0725C36-541C-47C8-8769-24721D57AAB0}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 440	4172	chrome.exe	92
PID 4172 wrote to memory of 440	4172	chrome.exe	92
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 1220	4172	chrome.exe	93
PID 4172 wrote to memory of 3288	4172	chrome.exe	94
PID 4172 wrote to memory of 3288	4172	chrome.exe	94
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95
PID 4172 wrote to memory of 1156	4172	chrome.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NXOV4.2.dll,#1
1⤵
PID:1468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:860

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1160

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ff8358aab58,0x7ff8358aab68,0x7ff8358aab78
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:2
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3508 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4020 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4684 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4052 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4980 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4940 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4252 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4564 --field-trial-handle=1944,i,8635442445501718091,8193776182390319729,131072 /prefetch:1
  2⤵
  PID:5188

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
86KB

MD5
9ddd0737c0ca1606ae31f23fce133795

SHA1
6ec113b7d5bb4e00796f66609d14d10d3e829020

SHA256
dc1ee60f8f7100aed48f6b043412dab4ac371d67c41a035216dd7b8d979d0b28

SHA512
12de1a1427acee3dc855205be52956322903270b033b78312a0b3a3c570fb8c97cb7914ea824e59260d4bf363c61647d3666e862ea95786121b499e8b6eee745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
91cdef4b9a19a0ee0b4d6c4b7e95cf8f

SHA1
4c8ca1003ec5f23dcfe99f478b560b598e861006

SHA256
2c1d51edf4dcfd100dc64427bff8c077f604825aaec54b6a2efec13e8cf70f0a

SHA512
4385abd0981d0373b3eb8eec6f90f53d33eb07f1b73af24d92d667e65e2a22a7fa3c34b9a8e6bee985e636cb40f2b2d49805f41c668966374e83ae9011b3e9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d2c8b9831db5978568213322261c8a6d

SHA1
ae7bf5c9d7591cfc575fd0fade46f5dd616919fe

SHA256
3df103ce81c2f9af9fa422d538dd333a495bea7b9347e73a64da7b0bdf4abfb0

SHA512
9b1dba3179d63e26f347311589a31657838928679d86f466fcc6fc34ca5578db9c4ec9f2250c7d4e6122d1c2fd733bfe7099fdaeb3ac4d9ae2707b7cc784b518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
15a614d6f3bb73ba856071c248fa599a

SHA1
66b4d44cdee1a3e95218ea07130548496634c859

SHA256
13d0d42676e35ab77d586619ae824c729a279b55ef74db7cb7f1716ecdc4f5f7

SHA512
4663c1dfb7ab31d54818a5f70c805599536adada67eccf9af9f516c280721c7c2a1d52af0ba26893b5ededcd539bf7a55348dc233869ead1c3021a1f40a3153d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d0ff27e3d4ab6a7ab07323594ebc754

SHA1
efeb70cad0850f839944fc8c068bb192b5a2c1c6

SHA256
a56e373b7a616d62cfd70985d7c5d137b182fcccafc14fa6a3f011c2422a869a

SHA512
d62c096cb8c7731a9a80cbac81106e30f547acd56c3f3d0800b4c590ffa8a4237d00e105f275ec6501c9dbdc106ead9559b849334c2aeeb89594a1f3c9c8d624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ff098d00df48f03463dcad2b7a49ad56

SHA1
7e9e35ca18631e5fc6c85d71ecc90283880d74aa

SHA256
29d1aa069df6bf64b30bc778d79cebbadd95cd65c12a7467ad99fa8509225602

SHA512
a49d4b00e240866a6dca412b17ba2d1818b1b7b797f42d110eee1b2e10038ed56b745fe2d7907fe240ff950115eff84d3a9da158d252b9146ecba411ebc7ea4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1bdf2cdcec0c6b6a02855e2e6982b429

SHA1
461d325d8166e89b4ceeaa736f9b6c8c101dcf16

SHA256
2ba80e928401d37466eb823131d0339adc523056ea3af60bcff33eac390d886b

SHA512
b7b37600e38afcc47b4a5768439122bde3457cc48d402c4bdde5331e8c2ca067b77abc2671c58959b08817760b4a4eb2aff263629581f1d048132164aff40bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6c3274cdd1dbca5171b62c70e3db1bae

SHA1
f25b84ed425e440f8706afb742d87c1f9a1712af

SHA256
331256b1f3072f1461912d0be3a61b488640b55ffc6e041663a9cc4a5fce43ef

SHA512
2976405f0654d1cf100984cce2708029657f91841c77cd639fa94b724a9fa3ad2021c1c3ad64a6d6e9ea411437b49c286c896bcc218aff9f71002e7145445b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
051914d770b9f448b19a916f35955fa3

SHA1
e217f687851114ce17326f9acaecba377c3392e5

SHA256
c65e9c6f9a7346671b370ff5d32fffda7ad0883f89661d7db5fe223fa25b329b

SHA512
c329c522beca36bf7230b1d2ec988a6221ba3d3877e4dd4d0ff17599c321b6f06ed98ede7630e976633561a5e13664dba3f56b03581f9dc3920f535ab75e898e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
248b807092af9eabde688ad2d6aa39e0

SHA1
359e90307c778fce33463abeff77ca384d684bd3

SHA256
babe27ade10303bba671ecca3a46cd16cb7b15e23bf2d7b57ddfb57c43c2a847

SHA512
9fd8af808893b8cee4585adf5327c79729eef08d7bb031a265ca8f2fc35a41a7128f3f89353c4c464f9559b8c965bd5662833425d733c1c8d23e3263a427f0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
61eceb7c63084951f279c38558de5435

SHA1
b9894e0963ec357ceef27ac33709058aea376ede

SHA256
02dec068746846a5b4df8c61b1ff0255b996d8d2b1a0365b048c9ec0cb547b97

SHA512
d53dcd9848cc678bdbb073ae2b6258b4e471ced47f403308cdbd029ef09f282df1d89b72165a0dbebbebc8820e31b0df9e5e59530345fe996a42e0e1eb03242f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f6e347d7fb0a8148c8419b5c62ad8b73

SHA1
24f75a95c5bea320543070d170a4d168e6fa6e7e

SHA256
0ccf9188ff06c0c57a1f279a52bea5c0f0f94fca6d2e92536ee6f6d28462acc1

SHA512
5b7abd59da3bd36472a5859d23ea9acca3c421ae205b9012d675a8670419718a3dad1b1c45ed44a212fd59e98387b61f1b8b9566e203c137d7d88bcd2a49138a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6ada9c3747025d606fee7c1d732be21a

SHA1
2caad54c6c6311053b91bd95af1f2888bed08448

SHA256
4fa90692e53e1d7b059feb50b8e5c37c1c7149696ba5f4c24798fa3251a77b3c

SHA512
fbc2c7d39c667da257691ce4792fe0f4b4a4c6ab87efe3ed807bc22820c34f730a35a6f58c42b0e184a148052001d1db2ce94ca22cc7154cd94cb93c6ad4c794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
75da6adac11ce270267a572c566dc7fd

SHA1
1cdb0c12b8369604300f69517bb93a0870242544

SHA256
22373906202e7153e6223cbe52903c1d9c5ea053d181464fa4d97c2ad865b1ab

SHA512
3056ece18cfecd29155c12e72c5b340749e7dd1246e91370140b65bdb00245d3e06dafa07cbbc67adfc5e89f9e3f92c0bd00ff672abcc278a3a708446126beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1aa0f3b993502250fff763e0b24f0ea0

SHA1
6f629799b3b4fc239dd2fcbf29d268b31535af84

SHA256
132ee2976e48dc82c63ec09cb33114fdc4f73fa5e317410382d0b8a14d61753c

SHA512
a72fda1d50d4a62925b79d40d216c4b3b6132736c31e6bb467154771435f0d8f81138d2fa25f7afe9564508fc5519284813232745ce9225cc2240cbae9fb691b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1388f0fa29f3295a685f4bf4099f7f2a

SHA1
13b929913e3bff84cc195c5f4ba8fe47f932ca49

SHA256
18945f7ac27412a7fab4a2355bf5182175c1dfa232f4437a5488e982d9489339

SHA512
4b6617479b658991e3c339de406b4359b885a574ec6619fa3ec52884cad44d1b995df0af0e64e08fc3663f0b44f94ddd2d4f2a4580a196da7474793e84a9d105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
a68c8abecec95224b3cf79453ae8d8af

SHA1
0a046fb3a97285e5fef9038d079326831b887946

SHA256
acb34afbc03c0864ff7764ba5ae9f851d5aacfa33117178255aa078776c6ac2f

SHA512
f6f488edb1b4e7d74b2ad7b5bf33d05eae0607dd290e91fa5274948a6b338668246d49fc28968f48c16f4e0c7b47b3b7ae7545b2c4cf7f639bfde5c72b78580d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
269KB

MD5
6b120b250a14e8eae7669b3b0f4acbc2

SHA1
76cc4cb1ba2e2adead00c66fa692a331601d6663

SHA256
2fbb149abfb22b1b23303757f4ad0a97377a7e690163761b07b1b98bad39d2bc

SHA512
02d1d8564cb93b1d1ff7d4da75e60abddfc6cb764564876da491099ac121e4f6c3662c0f0234c37baffee0f6343bcfb818efe96447296fa33db9b751b71ab32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
2a6f6419b90202018d50fce8d3241a49

SHA1
4c3a316ec5700b62a0793c9aabf874bb9d43e3f7

SHA256
452309dd6a2947f31de7ff1f2d57393f700c8e2614af99dabae1f04e234a006d

SHA512
94d7c1db9ada7496bbb2c7a7782a88d76bc1c6574d9f3a158c0b917b59b98a42dcac3b07af44d3cc4a53dedfc12b61d85b6320014c98888e4cc78e69b21cfa6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
78d33fd24a646306e7a7d4bdfa3ec40c

SHA1
b2b1fbf8331cd99602eec087a2ede154d83f1476

SHA256
37b7b01465acd93cc25b4c6dd90ea8d9cca4338462fa8062ea747fab30b8355f

SHA512
0369937315f850d2a36e72c49dd603253507bb56fbf18ae622438060645cda5a3fb7e3d5322cd4d99132fe305ef097b1db8924042f5894033eaae33765627973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58946b.TMP

Filesize
83KB

MD5
419f360b8395feb7318b182a80ef7531

SHA1
d1f0a6054e834cdd85d72d205748aa153d698546

SHA256
b635bb1d9a826bdc2f4304ba9273e342288f1e0776edb1822c382159f1dda43b

SHA512
88b123641de5eb0becfe9bfc6333eacbb6f0252a99c3bb078272e639a95d8b2b997b6af49b0825543cec43fd8a257ad969c103d2fb532b9a689668204f00013c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit