hxxp://siemen-energy[.]lt[.]emlnk[.]com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZpcGZzLmlvJTJGaXBmcyUyRlFtVkFzTDRocGlMM3g4dE5iN1MzYmZ4Z2VEZnlCRlJYcndHYWhtTWF1VnV4S2I=&sig=7CstMzLnjvYAin9Tn5FZ3st6C23za4x3b3HyH4HQFeHx&iat=1679303910&a=%7C%7C226311463%7C%7C&account=siemen-energy%2Eactivehosted%2Ecom&email=DchG04rW2snvjb6YozFNpI%2Fc%2FITI89XiOocvqA2FzPOlqksBkw%3D%3D%3AT83Z1jNRIuqKvtbxCg%2BpwzRkD70sRKg%2F&s=c9d41eb06f090303b4668da50c05e00a&i=2A4A1A11#aG15YWNoaW5kdkBhbGZhc3RyYWgucnU=

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://siemen-energy.lt.emlnk.com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZpcGZzLmlvJTJGaXBmcyUyRlFtVkFzTDRocGlMM3g4dE5iN1MzYmZ4Z2VEZnlCRlJYcndHYWhtTWF1VnV4S2I=&sig=7CstMzLnjvYAin9Tn5FZ3st6C23za4x3b3HyH4HQFeHx&iat=1679303910&a=%7C%7C226311463%7C%7C&account=siemen-energy%2Eactivehosted%2Ecom&email=DchG04rW2snvjb6YozFNpI%2Fc%2FITI89XiOocvqA2FzPOlqksBkw%3D%3D%3AT83Z1jNRIuqKvtbxCg%2BpwzRkD70sRKg%2F&s=c9d41eb06f090303b4668da50c05e00a&i=2A4A1A11#aG15YWNoaW5kdkBhbGZhc3RyYWgucnU=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239584710923428"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1172 chrome.exe
1172 chrome.exe
1356 chrome.exe
1356 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

1172 chrome.exe
1172 chrome.exe
1172 chrome.exe
1172 chrome.exe
1172 chrome.exe
1172 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1172 wrote to memory of 4344	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 4344	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 3936	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 4704	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 4704	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe
PID 1172 wrote to memory of 1668	1172	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://siemen-energy.lt.emlnk.com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZpcGZzLmlvJTJGaXBmcyUyRlFtVkFzTDRocGlMM3g4dE5iN1MzYmZ4Z2VEZnlCRlJYcndHYWhtTWF1VnV4S2I=&sig=7CstMzLnjvYAin9Tn5FZ3st6C23za4x3b3HyH4HQFeHx&iat=1679303910&a=%7C%7C226311463%7C%7C&account=siemen-energy%2Eactivehosted%2Ecom&email=DchG04rW2snvjb6YozFNpI%2Fc%2FITI89XiOocvqA2FzPOlqksBkw%3D%3D%3AT83Z1jNRIuqKvtbxCg%2BpwzRkD70sRKg%2F&s=c9d41eb06f090303b4668da50c05e00a&i=2A4A1A11#aG15YWNoaW5kdkBhbGZhc3RyYWgucnU=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc388e9758,0x7ffc388e9768,0x7ffc388e9778
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:2
2⤵
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:8
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:8
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:1
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:1
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:8
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:8
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:8
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4812 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3336 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:1
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5096 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2804 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:1
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:8
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 --field-trial-handle=1792,i,5492201471897783530,4389070772693512951,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4348

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
be358b5a66138a180a68c44109b66c96

SHA1
1216413a46281b67fafcddf06b1bc3daca2a2ae8

SHA256
a2aa1c313d742f8cc5b0fbac70db9a53f24811738324bd79514ddab60ef6180f

SHA512
460554fd14fdaf160b7efea08f97a1fb6fb7a9d8f983272a99b7fed97d2cbd604fff5e603a580189e705b019b13ca59a5ceccd17e76d825f92e48d57a4f487d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3fa609afc6a2863865a7c1def2bbfc45

SHA1
b0dfa0160528b7c7f5dbd8127fbd3626ecefd99d

SHA256
d87450e32bd11514afd1024f51aed07426d7755539702ad074abf26df1cf22c3

SHA512
55c367ad970ddaf9dd6dbe607463efbeed0700b3df0f725167d029a28bf08725ceafbfa3383f1a89f1f7c8700d2328420b657ea35a78ece3beb0c80c256874ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e9e605d68a58e151376d59898bdcee79

SHA1
58b97f354fb775fd1ae9999fb007c5974e2d5a44

SHA256
685342cb4d568b40a191f6e65f0924feb740b003e36e293a0cc6fbd8ee56ce8d

SHA512
8ef5274641954452cbaa9bc7e2ab00947c942fe9be3734743c15c8eadad73a4f185eab1f9950989106ecbcd669d95e22e53a4ee4391382a149985ac4bfc82d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d97942aa05f7b67b0f4b8826120af4c4

SHA1
841e274892669011711e7ab66db6f10330451923

SHA256
2f47f725e7cad9b49f55ae6f1dd6ca6a1b44877ab73a3561cfdff238a35b8f05

SHA512
b6dae3f80361a1f5836f595c1923fd97ce5c9349cb6bcbf68a38dd731f1987fca02140fa94511b085c87a4d1823c35081b87e59599d5796c4b0b72c75b067db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
4627eb4e72d8a92cd4d57eac1f60a4da

SHA1
2e8db0af35d32d6849e4d0f28c3b109cdc04e503

SHA256
87b6a90c441a63ea8edb9b35f5f87dcc0682c3d8dc30ea639a4e15c652f7cbca

SHA512
ee6ee6d879a58662b3fbb1edd73df3cf3006043ed7f7eb0184b34da40711b5e6fc123387bc23922794b6174d1d20e0baeb45ab746f369ebe7230affbc049d945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
d863725a7bd06aa4ffbfe645374e0eb3

SHA1
73c66d18ddb9eeddb667a6b87b823bb208779982

SHA256
3ec5544491697da964318c63b7e8aa3494aa06f8592d9a5afac67b47637c49ba

SHA512
36a92815a5a9baa7d7e916ec4e3daff40a8e74475eb93520130756708bbd0bceec70f34239a16b54f04ac0cce93f941fe557b9ba8cc1d6971a169c4d413cc516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
b581b5af544249827925fcdd72ea09c7

SHA1
07120f741a3bbecea032d5b0d5ba478d4a6b8171

SHA256
afabcdc659bb0c93def6c368d7dd2983af8a8c9ba76567d5fcb18f6a9f046087

SHA512
b7a54900e164da14c911bc378791cc13563a7a1d1d7406b081db471a35a78afad1fff9ff67913db305dc670b1a5d0d2d232c15d33a253cbe7edf018d28530262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574d35.TMP
Filesize
97KB

MD5
139dd5c77dfd5914e61387561f186c1f

SHA1
e1c799de8fe4e94e88fcc81231997d76746db4c9

SHA256
63c01adab35c4598488c63cf7c38fd68a794ca58f7df96b03be445e21b4c03a1

SHA512
140b8ba093c941e19277d2c6e9e497b6121d36016d28dd6d4aa854ed82312cf778ffcbc6531758b1adcc5ab4764c8c72eefc1cb7aad46ce7ab194016a0c5b403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1172_RPPFPUDZKANZDRWP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit