0efd7d7c4f0d79d878008f98556127f1f56a79dda0e8cef737749153b15d2923

Resubmissions

01/02/2024, 18:21

240201-wzk9qseaam 8

01/02/2024, 18:18

240201-wx49tsdhfq 1

Analysis

max time kernel
91s
max time network
92s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
01/02/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

309KB
MD5

50e09af0066496b0c8ec4557d1f08f01
SHA1

7c5d4f6e9911927ce1d79f2cecf7dd38ab560790
SHA256

0efd7d7c4f0d79d878008f98556127f1f56a79dda0e8cef737749153b15d2923
SHA512

c885f332ca5072b147ab02630593da4ee65b8b19e99f869c5dbfde1cfa8dc5f1847b789a9daf2e21bafe6d40462d7b96e3e14f7187799f9a99e63c4b2486651c
SSDEEP

3072:iiRgAkHnjP/Q6KSEv/sHxPaW+LN7DxRLlzglK0puu:fgAkHnjP/QBSEcRPCN7jB0puu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512851883409547"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 832	4632	chrome.exe	9
PID 4632 wrote to memory of 832	4632	chrome.exe	9
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 4792	4632	chrome.exe	78
PID 4632 wrote to memory of 3724	4632	chrome.exe	76
PID 4632 wrote to memory of 3724	4632	chrome.exe	76
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77
PID 4632 wrote to memory of 3284	4632	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff92c689758,0x7ff92c689768,0x7ff92c689778
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5040 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5004 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5432 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5208 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5524 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4724 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5560 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5560 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5524 --field-trial-handle=1788,i,3309670138467290826,9811139525042570737,131072 /prefetch:1
  2⤵
  PID:2388

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7b8df9c830d67582e529549e583ef26b

SHA1
db76495c70e2df93ea1bc9a3c3d9f88ed495bae9

SHA256
16d7fcba34724dfee49b2602a17f1f5350bed2630573da7a2db6278699c12f33

SHA512
db6710231b420bc517976bfb72350c2ee2c287c312374caf245f3ddd22e35d6195687f27ba8ce9a17d7d5ce9447cb844a9ce210e6d91535bcd76af73f6a57aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e1f128570ed4647650b09f09727901a1

SHA1
ff11bd51c04aed36c59885508240e0e6b7fbdb27

SHA256
c216e4cfd5e6edee6ca54b8ea3e15a6743c736e67c17af028983b45a0c59ab3d

SHA512
512d6d38c3b519cd38a59c266d25b5c96ad6e59739368484e528ab87117df9974d1273b480ac4149dc8c961bc65da8046e0355189937e766fc0d972767fcef7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
d451d81af9b33677cb5846c3395309aa

SHA1
c5fa4b279a2cf334e2e33ba08cbab40634859329

SHA256
ef04adf792c5711d2d07923bdc613baa0a3997e438aabe15e7e076c5b8a22bc8

SHA512
784ae8d00eeddb9c5ffb4af11a538e92bbda15f6c2e48f153c0f3770308c92febd830f36b7dc82cfbcdf7b69490124f5c563a76f8c00b31954818d50291d2981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e094993218d608f0045a0b7cbf725752

SHA1
752fb972a58a362ee2678171529c053de112a37f

SHA256
04035898e581c94e4fa9f4d667c1026f4580a2b57626a134b3227e27ce97aeb6

SHA512
411c7213f5df6d34a236138c342a4cd4372a90ae2d4dc9d29c4741da3ba01604bfb1f768c7a73e149c056e2ee0bf950a5f116df6581f3c56e5d66450adbe2b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
948618fdfbf411c5bebb2dfdeb156bd8

SHA1
3856b4dbb5fefbf68f12edeb423fa44190de685f

SHA256
3940fa132c1f60c2dbc157d809aef272edb8f549d48a931a2e651d80a1ccb460

SHA512
13df59885199745de3b838af56d7f8f7d7bba20ec6eeba280cad851a88a4db9f980fa3e049ba095641925f9ec2f617fec8c52d9902afb016fe919739ad7f4b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
492970eef8a5430b4139e5d3e747fff0

SHA1
75df794efbb388b37510b205444ab80819a38f39

SHA256
e5df9b783a897ee79c91dc9a596af3b6057a80e5b700c5a76890bebc61d43394

SHA512
1dd6a5868d0ac1fc2c526f964730134663739f2d4e4a135da28fa787a2be2598663c5942d82c155fa9283ba5d117f84884944b01499c38a9185b4602dfd0099c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d83a30d3a4a5d2185bd7bb892a35904

SHA1
f971fdb97d39481c492e4dceec7d279f8c836b75

SHA256
a754802f3abf4b28cec6ed545498c77ae8eb94316d96e834047dffcf55ec336f

SHA512
38724c9dd817d7233ab6afab41d5fab148a1494850a468b80c4213ae3de1e59d3478045a37b23c62aa7ed98024724ed83c940d54230f649b60b0a1bab1e137e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
d57bdd8a8bab8addcd5d8995c0ec67f6

SHA1
cce34eb79e619a42a674957612805da812ef2187

SHA256
57591d25da15118090e8dc9b8bc455f92681aadfe05a6ec088dab357cdd4c81a

SHA512
2ce7f99baf784d6b8077625b95e497bf0f67f60d14f561f143f7b4cb4192370a5fa140ab314cef39252f6eac9ff511b9cfd19334dd373ea20c5eedbb6b62d87d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3205ffd34d2353257938710af1271d31

SHA1
0b56c9cad1aa8b721eb384485bbfc25ba4fa559d

SHA256
e77a9289f03045a6a92fba0a9ea922393180a7166505f1af0ea311b5d93448a4

SHA512
e53e84ef006a9003b80e32f917e5440669cb637bb6b2a918ee0ae4fb9e8185fc40d17716aa42b68d44d2db957509450f4848082fd2f38e5899823d06bc9fac55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f7ac9da1807e80d94e6731a11818a32

SHA1
7348849a1e86c95e59a7650615e70d7fe58ee6d2

SHA256
46352a5fc6d8060d287063963b4637421562a14fbd58113432372936c84e1eb4

SHA512
65b5ca4d14251b955138de69c6b57cb6bc4096b6e83e368babb8386f6a1fb9b3749040915a6c0ab403a51cc3ca478d8d89a5c0f201b38557070e1fea8d6e9b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f2fbe6884b3b209e8d46dc8b039bd76e

SHA1
85de0c8f9a24f8c18588d311b05429d111f9ce6b

SHA256
3069d0f7b85162b1c21471ee3551a1bb5b8167ca1e5be35036fd0aa9cf16c7ac

SHA512
ce4d470fc27568b4c60cab0a1bb505f3874037572c396d1dbb534dea9e3dba26148ce2bfe18a4d6c3e44f476afeed1248e2ca2432194639fed54793133473039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bd8ee2be6cd2e4971ecbaf5392ac3f7c

SHA1
f88fcc11530c280485821aec53f7ff57bf63ef42

SHA256
3bf52debaaa8a2e784109830e5fadf422451c47bb14cf9416a2ebb18bd7b7499

SHA512
58a72ab627bdb5cd19ba896cc8f61eab11ba4eb4a72b472da4ec800bda840b9ab651698df4a1f6c9b5e74abaf4ba0bdf2245f4c0367a56b18e633a8119eefee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72ae8fa311b03d99b6427cf06a08194a

SHA1
cf6629333fdf554aec80129f364fc9f2a8b6e839

SHA256
fe14faa1ce6befd52ffe3d73b88d3872b3052c59d63c86f7e6554de20f61dd90

SHA512
b5eb81a118226490eed63e6bc669b9e2f53f48d3edc2988597f18b8b408d2e58ddb45ea75039c4233656b16c59e001d2de18bb3a9be1c912ed9d2a08317b6f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0a0da3fd94dd2dcf09e8c6ddf602b47c

SHA1
2886fd79bf5a3004c720feb3927c3f50c4f840c1

SHA256
647961e44ed979283ff35e5301fbcc1cfc99f6d8e56a57c5f912dfad7431f39c

SHA512
c44a24bd1535087f8179dd1295858025e22d363b8b0d76a49265ddda80a03ba9a332ef5a25fcd048ca3fbb292159bc8d18e7d3b4436769843ecada84968c19a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
197f99a6fce2376a81e43a17cc74cf88

SHA1
025200d5d9e675ff59b627fbcf47dcd5d925862d

SHA256
f7a4dfa673f1f1b535a99f887963dd1fad4e1410476aedcc07c13ec482011246

SHA512
75efcd45486da6a319204b1005646c6ddce190143d2c52807d3bff0d890ae74766aa25ff8755162fad6d5dec313595d5fce5ee26163d14cf7b3cf6ca8a137972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
91f3f8c5c6542d0b1b844478523dc754

SHA1
492eda88715643b8fd8c95d1d60fe47003886981

SHA256
1e24c8870142a6a3476096457145a3b395717bf579cba3c3d936503be2ed62df

SHA512
0163f9233e9b4527cc998414baf4e6e58e4a1a32c8a1275d14c2cd6288fc2250faa1eefcfdfe99a15654e88069abd33adb5f7981885265c3e9c2864cb7d3024a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
192cd99528f03479d4edfc20129ee586

SHA1
c21955d44e438dab6705f28d54e6a5f05dde2db5

SHA256
41948eb669cdd423542739869696c173fe470127b10dc727cf2ee4aa24f8211e

SHA512
41e0f71e55bc0e8171541370a2599bc639cda4b46625a9dde2c319f9334f1b0db883b35f9b14e1bf3ea01c684a87a6bab1591700716070922f605499e3a9204b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit