hxxps://google[.]com/amp/Nosorh[.]nakusatra[.]online/login/aHR0cHM6Ly9sb2dpbi53aWxtYXJpY2htb25kLm9ubGluZS9xYlNiQlFpdyNiV1Z0WW1WeWMwQnViM052Y21ndWIzSm4=

Analysis

max time kernel
270s
max time network
266s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/amp/Nosorh.nakusatra.online/login/aHR0cHM6Ly9sb2dpbi53aWxtYXJpY2htb25kLm9ubGluZS9xYlNiQlFpdyNiV1Z0WW1WeWMwQnViM052Y21ndWIzSm4=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240678487551144"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1340	1500	chrome.exe	85
PID 1500 wrote to memory of 1340	1500	chrome.exe	85
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 3176	1500	chrome.exe	86
PID 1500 wrote to memory of 2388	1500	chrome.exe	87
PID 1500 wrote to memory of 2388	1500	chrome.exe	87
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88
PID 1500 wrote to memory of 2316	1500	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://google.com/amp/Nosorh.nakusatra.online/login/aHR0cHM6Ly9sb2dpbi53aWxtYXJpY2htb25kLm9ubGluZS9xYlNiQlFpdyNiV1Z0WW1WeWMwQnViM052Y21ndWIzSm4=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd840c9758,0x7ffd840c9768,0x7ffd840c9778
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5436 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4536 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3380 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4796 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3500 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3340 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4456 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5024 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=920 --field-trial-handle=1932,i,13728172498575173430,14316315363692215127,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2372

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
bc697b858b3fa00159e7d3eaeb11afb5

SHA1
045356b89d00102eab687489b066908ba3194573

SHA256
41ec20a2f4c8ad6cf04e299b487e2262ecddbe97b792827060f93eadc1ad855e

SHA512
73ec4299bef542215cee2109aea75aba4034ba357e97aee5ccb99383dad79003d964ab8ea72802216c2cd9922f9fb94aaa687a1319dddbf1b09f6f116807cc62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
2dae4b9f97e73b2eb869abccae3bd2dc

SHA1
3150afc73e510aee7691fac681136d51d977a6bf

SHA256
a6a618fe2c4a2fb8729abb7b32170fbff73199dc2c5fa593db1df914b0a70af4

SHA512
a02d415e225c58d133507fbf5e6cd144a46c275fefbf3a0ee074a022221d7d1f8da648bca130bb9033e9f8aa83db645b0a6e6dd01bdf5d233161e21dccdb4103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\682c4ab2-8751-4c51-9757-bb060641d247.tmp

Filesize
539B

MD5
0b9aba5496986cf3760197f2ebe85c16

SHA1
386e1e7f79198716f2e39fe10715fa6b927e4d10

SHA256
1b0106ee2d2556a0f9571554eb34eeea4bc882e4ad3e0994b24ff9394fee4a44

SHA512
a98f5263c80e5d0a77ba5bac665d1813b43f0276baa61a4f8d69bd44b4cdec90aaf232daf23c12adca785341147622aaae1125a2f946f40529a94847770d4d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
57d18c3fe52c8bb5484966526f411c97

SHA1
964535a26c2fd16fddeb423a2b2e96784f163353

SHA256
7aad1e1ef55b7168a5b3157a3f26d2dc149d3ae5b32c03162f9d562cd653b507

SHA512
ac75559adc392ec27080474ff06f099a44ac944bf2e67d99d8acbca4330eab449bcb6f082956b63d5ee6c2c8bb9864ad5119895786c5f3af02d42aa72897a6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6b7836ccdea165f752de358c3c3f477b

SHA1
ea72746908a5b719468b3b13ade303aaa6a8eee0

SHA256
1d76115f5ca8d8f1c29beb7178556df33a738a684652bdd1b58fe1c4aba5e9fc

SHA512
55f4d12d398f5b4cfbe994c73fb6fcbda7b8d32f042e921223a39bf4ee09af4c11cefc7293ad32f5ef81e17af77900e7df6fb17c7d7a8ce4485ef8f9da77851e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
423564bf88fbae96f522ed9ac0a13ef3

SHA1
c07da8971b9a1abe938fa6e21a20fc188b8638ad

SHA256
59be82df6006e559a1d7f1c1e102ee532c06dd732fd317ead9097397fbdaf410

SHA512
b7e082cc1b00286eba53c0e7c675ef2c06d287d4fc155db96368de7ce0fd72675fcd89a018e9b9c2978f6045f4fa2a0cadc8b522880ea376a661f51f77f91fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
7e8aaf65b9c5670f9b6162ab3d0561af

SHA1
7a512c0662cebad8ae982299f5367791b03248bd

SHA256
fa5a42c47983617a880a956661dca9466a39774dcdf4a534b04f0a6f786c5377

SHA512
550840420b1d62e5d2fc7c2e08120721634affa086f40fb203cb2c6bc75c3760f02a55a67f6e471ea1dc64f3d22d33d6908c8957f84acbcb9f6850fb9f3af808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d691b7179c3ac69fcb7a871915ed54c3

SHA1
d89eee603c7da4e8f977ac3b79d686c4b35e2a0b

SHA256
297a547cd29955e8a993988aac65e0cdb1b1969b9ffc5c9ca05e3f8b509b9d5e

SHA512
dc23773db263cac4813348307ff0eb7feeae20cd7113cb9b0896dc835bd49b76b877bb26d432963b8dcebd702fc484ba805ac97bf2abea359a098e5f77cec78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
31ff7c7303fc638dc6350e7e04787972

SHA1
c1c5a1136cdba4d28927ddb343af6a37dd39b9ef

SHA256
de4dc14f9a6f33c37d7196a0444ba4e1f013fed80c069a54943856496d171ad6

SHA512
04dfc90ca0d50eca09381725b962d1119b7f62e3fe01163ab84678b34b467ce86e6b1ab72a036f5ee858f83e0ce841329acfa8844156e3abbbda719b36a44d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b29251b690128a268bfd5cc6b536230

SHA1
fd19bd5b349a12bed4307e18205f6ec4d78ba53f

SHA256
01388b1009f230908586a1b2a5c583c4eef872b9cc5fe94fb707b7524659cff1

SHA512
e70a6943181c8a08515127bc1969b5d6797f7c41e0508b72383ed07ef750d48aa45f36c15ff59a40f52115a1e750f66f6af38e7ed16065eb73522d8ebe56273b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f9eefeae3d88e6f253b5480bc49dcbba

SHA1
37a13f9bdc27a442261ad59b586db476cc3dce6c

SHA256
c67c66724e64cfacddb1b3612cee8d9c6ec7ee2162c06b464234b445eeacadb9

SHA512
6c27a02c2fdc7c9d3180b9724dd63b3f37ed15cac33e56a9ffa4e8f62c47e4466e7753ffeeab7a64fc74958f216c6bec8d490a147b52dc36ac4b0c5a3037f676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e54e9955d8121483df0c5b95813e01f8

SHA1
fbb7d76ae4689801f15a8695418e76cc534896e5

SHA256
5cfd45ab9bb581805434cecd52252e6dd4822b728aaa351a376d9887e61622db

SHA512
179354f8fb15ebef2b6550f5e050356f4104b635b453de9a28c7b1f67e58005f7d481ce8ee282eff6bc022409471ded16bb98c7fb0d964e7fd2b5bab9a9c098b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
358621adfd9fe499762601197d67fa8d

SHA1
d04d5fb3921df33881ff06a097a6751930e3c5e6

SHA256
3053444c8d44a37946bedb08f54ff201c499fd32cf77ecb5e0e97cc757c9618b

SHA512
76c4b4f28a82c2176fbec3ee81730d491c937dac4cbf9b5adad8c6939e0459a179b81e807c1e9c94a3af833546b77387433b3a0c9777976c62b37a92491f5ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
41437e3cf066f798adf170299699d0e4

SHA1
fbfa44f3a216f18c341ecd60e38405b26c126b6a

SHA256
3142988ed1fa2b54547537208e4a84262b23d100c1647e7a9b8258f1b0183d2c

SHA512
9e0f3cf858a4b78010d6cd49ca0291031ea6b844154fecef9935ce745a55e8a4937028762a6628da1265ce9f6b917e0023ce43d72c1b3e7ae8ff3e26b8242774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
4bff95214d3ff440fec7f96ceee18a43

SHA1
fd4066cc0b03ca4b6038bc08f3e12271512260a0

SHA256
28a36deb3683d6a96b4b5a273d92d5fd74de6ad680b2866fac6807ff707ad148

SHA512
f99da6f6ad1dc4acd97aa77e2558ae4ea746ab84fb10344e7db7a7b7c232ce07a36e482020a679ee54dda6adbb86265ee24d5fe52c1876f9a32141255d6d2b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
3505907159e990500d19422576162581

SHA1
717a665ffd8179cd1d1f1a20ec5954178d97e42c

SHA256
abeb4e3d2393eeda028ec141248e1640d775a8d3692f0b64f7a6a4e133711551

SHA512
559bfac0eab43b227fb134598ee4d53826b2b7db6222b181a5b46e857cf1cd40bc3d74361f52191f229c8c12cf7bb35015400005fa5383010778d9fefed73f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572fca.TMP

Filesize
99KB

MD5
9de7b73c1e5d3600e9f3b8375570abd5

SHA1
ba2be2986ede8a9ce5a6eb157af348e961c2bd9d

SHA256
46fa420a62d5ec0e435fc8be4c81a0767a827ecf9909d9d69dba026e5857e6b0

SHA512
7a8da64c1b2e39c7df02a164253ceaed203df6829f6dbd145dcac8364f84ebcf2b0746a7cb7ea727d52b693cd36be10cff6d805e9d7fba899edfcfcd01978da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit