92414b1984ea5d7460ad96d9afa05dc64b316978b9c5dbbb612f0db0d26da39f

Analysis

max time kernel
1800s
max time network
1695s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2023, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vSdwxA1X5G-Kelx.jpg
Size

46KB
MD5

102953d03e84f90cb68501cd3b7fee1d
SHA1

3ce2cc006affa369f37d335303e26ac57614e713
SHA256

92414b1984ea5d7460ad96d9afa05dc64b316978b9c5dbbb612f0db0d26da39f
SHA512

b189f1617edac29ce3044df370120040774e6b2da6b1f7c85fe4394190dfb6ca24178f6b7b0418996db5c60e1352aa8993823fd55150165c386caefe1039fab7
SSDEEP

768:S4Iw/bQUbv445oFFidIT3OKCIC2pBtqWexGjAeKT4iCr6MMk5Vn9F3TqQp5j+H8P:SMsev550UdIDU2DtwGMLTMr1NnX3+Qp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468677310776032"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3455265224-196869244-2056873367-1000\{96EC04CB-5F1E-4B02-B4F3-1F853EDDF977}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
2724	chrome.exe
2724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe
Token: SeShutdownPrivilege	436	chrome.exe
Token: SeCreatePagefilePrivilege	436	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe
436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 2528	436	chrome.exe	93
PID 436 wrote to memory of 2528	436	chrome.exe	93
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 4140	436	chrome.exe	95
PID 436 wrote to memory of 2016	436	chrome.exe	97
PID 436 wrote to memory of 2016	436	chrome.exe	97
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96
PID 436 wrote to memory of 3968	436	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\vSdwxA1X5G-Kelx.jpg
1⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9a459758,0x7ffd9a459768,0x7ffd9a459778
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4908 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3352 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5484 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3668 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5656 --field-trial-handle=1868,i,10858865816561261165,4829751704503935744,131072 /prefetch:1
  2⤵
  PID:4980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
7da78b5e2efffbcc0af8862175ca482e

SHA1
fefbb832490a0d4ce2c9aa6c1014141f78a7c95f

SHA256
d81e85fbb45fbb981a887603f0fc9c2b7ac04f370af283bf964c80f6c2b69182

SHA512
401345457a073065d494cd7a43ec1360302aa6530ea42222a3155d5546efaff73e7fdf72301940c76324aa3fad30f9c2856e026fae1862436c20d1bf2208d808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
e949e391db7915660709f656d339607d

SHA1
a1cef43abeb6d09e6dc7efb154edf147f3305af4

SHA256
cd7749008bea1b5209424692ae7f3a956ebbe6855c55089d412885b25c0fdc16

SHA512
25815b497c93c405150ef1ac21be0975d56897f0eb5e2d5c3e1548332fbf3fe236f316abbfe0e6ebb46d278ae1e989be0d8667b116ad3b605980769ddd4691e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\47730b0a-d0c5-4255-8545-c9c5afd6eae6.tmp

Filesize
371B

MD5
78f5fcb94adbdcb6a2129c007de62f76

SHA1
e6e4c7715553157da0c0074e91a4ebe28c4e85f6

SHA256
9f96aa4bae9e8d151c2b6298f923326c33ba2d912aec97305795f4292d0fff19

SHA512
bab0cf012186662ef947ea5f7397e7c2ac61637f5d68025054993da8223ca0335d10c854db7c17033bf61ddcfd7e6b524ad864b72db1a9a337614a6b87c65569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0dca7e59c4e97a566bd21308c15c87e7

SHA1
72707c22457edba00ea876cfd1c4e1394b0aaa48

SHA256
631ab29a15458d11e5fac682856f5423c45e4304d66ad52a97baf02e319d6090

SHA512
17397329d6417134ad23accc620f3f1fde27984893ca5c72053cd3b2d2a5551c54dba2ed09dd42a30b0d9109df74a024518b73ec5b889ff365b07627ad9ffb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8d16091d21ce2ccea9f72e04265c5e75

SHA1
a7433d66beae881700fb40f347ce3c5d7014ecbb

SHA256
ccb6a2316b412f87e752fb227f11563ae546752a77b58fe8aa345f2dde3c9664

SHA512
8388f12129686472739643baedeff1fa8741bc95bc44cb588710975e7d0ad92625a5cc1aaef2f007400081ff61887255804ef1ab152612fdc066ab9a65ca6d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8cab7f4c892af6e859cec6cbf85d5017

SHA1
ab6cd9d62be55854fd37d471d1a01dc9244010c8

SHA256
7284940d4f8a19de2d440c2fd671a80f14b006521699e6602c30f920d42c3cbc

SHA512
9d91e65e69b908e74d82586e4859f5ab5be4652a5848b5c4e21d1d88e05b8e9238e57fc0fe39378daf7a76132d85696fd5da9abeab68343c290a71abf4932573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4c54a8bf8f905f46f4ad7a3133226750

SHA1
1929be04e514869cc0d603eaa897d40531aac2a1

SHA256
4ad128de0430d6fde7bcd63ecd46915bbc314a36f0af86335ba1016e26685b2d

SHA512
ff8e575fc329dd106eefa3527ed79ae2478477a3941ef8d7d1786a97d562e838267ef7ccca6f66d2c4c12cae79a47a34c77307fb9fc7e7cd40399f507b42d1b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5f7299d3a9166fb74b72f8b161bbcae6

SHA1
b284b16e70bccd1ee29b9b72913f361a0cca6ceb

SHA256
8b0d155651c27df905fdfe5c6e0a1a333eaaa77a5813be11ed8ad61ac899b86a

SHA512
09aa8fff6bfce8ea92ab51223d9f1f09bdd698a11ced8209a60a369d0b3f21d973b5633351795b593da49d082932b099ec9b7a2a1f61b05a6bd68dc62f3628d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b4e5107a8251e81dbed1247509b45fd

SHA1
871172d94d51f2fc9863e969f95a30b1d7277f29

SHA256
a91dbe543b084c24600cfdc8b5912d6d22e8421e6db05965b94c5dc49213a6e4

SHA512
fcd3a488e43d9577070eb397227451ea705894c6e9a8e14816d7b32c8425869d64f858b9c2e4037631f5bc83ba61d76c970385a9d4bc1736e1e3699babebaf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d5671a9b858ea98feb996c17d14db828

SHA1
ff391615a6fbabe3068b5012890f5865b1cb5034

SHA256
330cce05553f8a8790a7214384c8b3455c50309fcb1fba778b52b96ded125c11

SHA512
0b6d053ed9d2f2b64871caac497cbbe8bdde9923e93950f34844f1565bd01b28a2a8e42eeaef5a4e9b98516a655b71cd6f1bd16770b0d4601aad0e48564834c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2f8db69503abc20a71188dd2b50b01a5

SHA1
c1ec3b7ab413b9f32adf9acb0cf336ef4a79c2ce

SHA256
53cc6b77aed96b319f16610d694b7d21f55d1a26b71fcdd4a05ca0389883fe99

SHA512
d22f7070069c86ca461e2692ad442fed46425ed8299583f7d2cb37931f2955cd864073cb12459a7b9d5ac2eb9e3ec41e6dcfc08fefba59a74493e74402636a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d9f25c930b3bd908ec050d2023ec9c6a

SHA1
ca199d42f19217a539b57af16f669ab68b26c424

SHA256
516cbc301d93bfd510958067939347afb5fa73642dca2bbefcad07e838bc2bac

SHA512
819c33592a7ad959ada1351dead30c6507c5c77638ce3261d346baa9b40d4cf878c90a49f6fc393fef5b0a61400136a0e8bf40f138e40bd04c729ca47095ceee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1ec45fd3ea68b4d1e1945f069de55eab

SHA1
3a8b62424d3d6d5a1ef9aec6a7d5ccaa04b6672f

SHA256
c1bcef55b018b4d79ec5510a77682c7d00ed2c2d68ee5d82b12fcfc798920efd

SHA512
902e3ad2797111f7487c267faafd3871a2097809278dba8828b404be76ece95e99a1d4706ec16afbe7e676f1c47670ae2f0bf16bed1cb22800c63d49d4c4a2d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d5ab3ed790444e1ee4b678a36a283261

SHA1
400db4480d56d92715f5e081da0a91b83e0dbfd7

SHA256
47f4055610daa7a34962cf7acd699cccf720ca78b3bf667cc1ca9efcf79a25ba

SHA512
ca17b4b8af057011e612681c4693e9696b6d4c7cd2df01d88d2feaae1fe26ed796e963990a4bee9ec19596973e1507f0f710d59c8540c108cc993a6c515f92ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a8b12e8bcae5351b882b76a81902dafd

SHA1
d8bdcdc9a1e4a8ceac653df5dd445227ed3a0610

SHA256
4190b38f566ec7b7f2fe06f51a51409cfaf35252abcfe3dce116e64a6750e8fd

SHA512
77a644818f3f90442a752ce6ec0ffff3004e83c3d6fba0e596982084b8fbc4d17672b8f12c86675361c6d4b42df0649b9c8fb60f240c5e1f00f187d8ca8cde31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1164beff2a1a46d280fb9eb29fd2fd7a

SHA1
cb451e1f14fb33fc8ee6e6e29d24ba0e2d32951f

SHA256
21ec38a3c4ea46c3f3d9baafe519d37bce7e779065510c8b81118a1c9b483af5

SHA512
6bd9a47daa673d3e8efcaef2c239a5f12df56130fbe6550d47dccc05787e76f313987a06ced2f5fef1821df0c2015f936d559912c6f042d0b94b1d6f730a07bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a18b3f627662526abda9e3fd7c1057f5

SHA1
f49cad02b8b2f693b3d7427d55550c35b11ee069

SHA256
6e7bfe9126fa7097a025d4705779574624acf7a88011119c49cf8d346f9dc855

SHA512
2ef8628caa13ed6e98b9ff2e729580feba336f9a3b83fb7e2d6f136de2da03f20db23150044417846edc8d9b109f2beec5148f2c2828d16faf61da55b7cc4f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e159dd71b02152aac51496a0f6c64d3d

SHA1
2e3060a801c23d43c1673d86d253c7f774757402

SHA256
310958d3244aa75b4b002314aad6fbdb00202ffcb92f3cd3db8dd2348464a155

SHA512
0ebe739b9986c8d24be811b00cdf1ff6bdd37930d72948aef2eda8d27a4f657e0e6b6850f3325251f39b2fb8ee2a29e1eebdb9a81669df4d06802d06b69e67f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e0ffb80af64484ca5df083007144f136

SHA1
d2c633edf7fad15187921d4595129b6af70728d2

SHA256
693f08d6dfd6754f5bfb1484e166c5070e15e90a691f748b32df284c8fdf0124

SHA512
6c81b21b8f6a8fc920c53e85f6dee86b0b6e5099cfdf921f6a677533250b214a70cc1c4b03614da4feb8d008716069040eabcdf406e56cdcd26223b04eba059c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c8160381-acb5-46f4-b445-3b8dfd204fbe.tmp

Filesize
371B

MD5
80953b34cb9d3c4256488ae8bc023158

SHA1
db1493a12522740da7b9cdfdabc10cfcc96dbecd

SHA256
73108074cec8146a32968a0c8dfd38771f0e289aa89ed3a089240b2faf0a223e

SHA512
01db4ac261439c665924dd1cae7f9aac528237ddbf5bb409cc629cf3bb6e8dcd3952169af73702dc0b291d4efcd7842dfb58fd840c4009f800f585fa9f13f242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed8638cccc0ebba2b1bc462a757641a6

SHA1
f7b65092d01ae865aafb66a831afd3f03630fe43

SHA256
62646b3222786998465a7a24c36686ffe0413eae75739126648e520dca8320e5

SHA512
64067f06f02a88df20df9dfd7533cdb6b039a9772b6976cbbbb0944fdf08607992b2a2be1e43a84525182eb9dddc36fcb6d16b374f2d5e80335b1ab02bbb35c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a15d63712d8e440f61f752d93467cb65

SHA1
5d83968212af2ea39653d3bfce6f5cd845b5c3fc

SHA256
0e7e61c9cacabe9d93cc6cde22b80ce45bbb0683ec78497e08f34fe2a7e45635

SHA512
9fe730c8d552938d4b03e232082365d0894fe7d0b1094373b91e29bb05a6382a3705cb2a0e906c6d8eb09fa8896be71a621b206dc4f150554b66265113df7c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8ae52335a1b34a3de369344a417d45f

SHA1
bf6b943237261ac2624b66253fccc2c946b7d773

SHA256
9ec66d19b9586acefb283a127fdbf04d1ba6eea322df505930105ed42a32b0ab

SHA512
1ebb1c938fbaa9a735859171754c716db9065fb798f781fb7ce9b269338b6af7d8d858fe47fab2fe3a3c28f25a1928ae95cf5cbb1b4a501ec171ff7f505b472f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
309bd3cf14526a722978a3b78f7b9a84

SHA1
f2be4647462b416ee2ebd5b05e2e925b9acc6309

SHA256
5217b4e5a7f25023dc7a1048e9a370b9bd0e993e5c5e120684d8913f89f19531

SHA512
7a000137688885440db62b6dd660ec5fe0c9a9773a63959cd0a18f805c2a2757322ae78277a58a3f2f01fbb853455c48dba43c4c38eb94efca9125db345b1988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
aff4384f8f59d21c3d49e3409f7e345c

SHA1
75a1ff5fca5a5d300d2ff9f056ac4e7126d2a324

SHA256
2ed562ca098db63ba81534d969449476ea84d8fa6e406041e527969b5280d73b

SHA512
a3473721dee70c9daeae3fcf5b545d91aac69e04e46253679b74493059ed45288daa7f8edb3d6072eaddb1cfa2c732c3ebf61f9611c817b4e152a7d29ffe9a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
27186aeea58f59d6379aec5f1337ec93

SHA1
a81d340605cc9f3ceb42094b30a83489958d5bac

SHA256
9c1c4aa5b2b3654c074a79c58a287afa701dcd7bfc96ca30e030030df35c0cf3

SHA512
6ea255961533165134ed5fe48e7ef32ee3529d7d32e387251e65a77526dbebc4d5dde1c972f8dd17edc16c13dcca1585670990f5316e09497a375e215b2fb991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
28e1fd6fdb8f5c38e668e5aeaea366d6

SHA1
7a46c07eb503343b0d9a76737a7516fa7fe13f77

SHA256
a0021202f953d337b4e50166da40634c10f3b0c64e4bad80f588333b32d7368b

SHA512
ec5b17056b8b62eafe56a3b0a4689bd1304224e0d5045e7f38c33622b58d296e50080fb9aca10082e44d7139c90d0083a0ea49318e2679d948b311542d4a8eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58be98.TMP

Filesize
98KB

MD5
8013ec27e324592a82aef893ea40a860

SHA1
32daac46f1e66b4d50bfc197d3bb4f1a2bef2da8

SHA256
cbd99606837bf2fb75012417e4c54c34aabdd5922f2040edc116b1a2b9b54958

SHA512
692c0791926bafd978123ded208ce76e48e4bacae2b262b53daff852ca4c7529476eb4e11e348b0500fbab73788844b591e03b6be2365a4d8462eeb4d9d39968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit