hxxp://jhvy6hnubgth rn

Resubmissions

28/02/2024, 22:50

240228-2r96safg3y 1

28/02/2024, 22:03

28/02/2024, 21:27

28/02/2024, 19:57

28/02/2024, 19:56

28/02/2024, 19:08

Analysis

max time kernel
1379s
max time network
1162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jhvy6hnubgth rn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536342252671174"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeCreatePagefilePrivilege	1016	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 4540	1016	chrome.exe	16
PID 1016 wrote to memory of 4540	1016	chrome.exe	16
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4420	1016	chrome.exe	94
PID 1016 wrote to memory of 4444	1016	chrome.exe	93
PID 1016 wrote to memory of 4444	1016	chrome.exe	93
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97
PID 1016 wrote to memory of 4920	1016	chrome.exe	97

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jhvy6hnubgth rn
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff952da9758,0x7ff952da9768,0x7ff952da9778
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3968 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5004 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5312 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4988 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3236 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5204 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5004 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5880 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3216 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1596 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=824 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5616 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5180 --field-trial-handle=404,i,5883238539368591771,1065639543572333682,131072 /prefetch:1
  2⤵
  PID:1620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
51KB

MD5
d9d2f331e8d078e078d66bc0bc5f8a03

SHA1
404f41b54b077c66b25d868b587e86d6ec58c0c1

SHA256
48c3860dfad16305f2c7df383601826c32c19856d05144bea01fb232e3ab10c5

SHA512
095f172015955315653c6b633234a1cdd9cc874885559008c2efdc24c446ce3611f61bb0d22c0d2f8b90910c212c15c26102db6134c97792862496743bbf2458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
70KB

MD5
72e7f5d6a841d12d5d48af73f01a39f0

SHA1
d3c08c97cfb9f4a99a521420874f062b69a7df4b

SHA256
c59b5a3019a6abf980f96b08471312bf3476cc08f7f332b496ba628b9dad2310

SHA512
4a0779ba041612344a019222f6133157fd74e9ade8d99b359f7446c4e8d312d839e569d957d259b262c243fadbd9e7848878f13ae7119e9b6db323b794d4f48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
82KB

MD5
f14235447e1358a8a10eaf1b0bf7df56

SHA1
470fea1d0231682a1e24bc21caa77ee0ced7274a

SHA256
316ed1714f35f0167c9e5c5736be05c156cda0b7f8a829d3f9444cb9ffa1d899

SHA512
13b2baa3e67228d9c61c3bbe5d7fadaabe0c58c9b348eadbb2ce054075d208fd920ce2c4603a75dbf8c834b42b5c5dd698fd937b613bf0dc0e5cc79d864b343f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
32KB

MD5
9ce36050ed2b421570e80aaff20a7c17

SHA1
ce4d3e27f2f575ca3ffcc3b4afb70858b09144cf

SHA256
63429646a180033b26b60011bb8e0b1d1313ad9cdc89071c3a394c463c9038cc

SHA512
67a1460664f11e4252df814182d85fd45931d8493fbde661130c02941f13f2127b3661dd97fb4d804285ef416c4906d0c7c50958db1c1c536eb1da5271f2b86a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b72730db2dbb18d_0

Filesize
320KB

MD5
e1f5f4a1ca32f3e3f8bdcc45ed66a672

SHA1
a2c57195096c2cf8dd51680eac3f90c7830a25ab

SHA256
9f4b2c6acbb7aa15b60d68e3282e91672a0f0892a9526cd5267a37ce07c749cd

SHA512
6551f2da8bb71a7232f024732b3e975fae7e14af87136cf0c645675b11ba361c273000c4be33d72157b136f80bf7781dcf5de6be31b8e1d17e38032ac9df19bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8869765962a93d50_0

Filesize
289B

MD5
9864608ff48e90b03a7e8d214a3ac211

SHA1
eb89feb27f1429c5f8d6792653c768c912c72632

SHA256
3192c739c69eaaded9073a33e98784015ce49725c2f35c2165b664365fcd3e20

SHA512
2456982db82d1e400d88cc3d2fb162a5d685cb6bbe1ce763dd7e05b412b13286964f3adb906155c7459132330b38b06d2d11d0b9ec8c79cf721d51e30281ff05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
82c889211dba2cbc4a61c0c71d2bf40e

SHA1
e3d7210988b2a1777adddbcb587b8071543eb0ad

SHA256
c5a3bb47c87a4f1c3675313471a62f87308584bb55685c39a0029874cac97ade

SHA512
02c6f10b232613780f16fce3e84c4a22b6ea97a7aebdc7b21e81dd9d2da936ef98b76c7f321ba087f7227178dfadc492a87454bcd206c199b343a9bd80685208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
09c346f87381847692543dd3c2604c07

SHA1
a325d20ec8f1de285bf3929222357584e18949ae

SHA256
6b4d812fcc2e8754769cc52bf5cda47869044684c3dbd3ff81c11eb85213eab4

SHA512
a57a837d3876abe96f90e7aeaec9653c874c872b067fffe9a1fd4002f46a5b9eacbceed1bdaa2f33c9b9108ebce1460a98ae75646afae7c30e1c438e19506d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d495c1ebd2251855a8a3b35ccf0ab086

SHA1
800735296ac1a9bddb1260c9d92bdc8040a6f910

SHA256
b47b16682fa4884b100067fd9348baf8611255432ad47f259a444185317b1ad4

SHA512
11c610a9b41148343d0d3e4fc6d0d00c16a372238aa9f024f57579435c18aa45b20c598c5581f8419064c5943a756199541dd10b5690c1054e2084dd4e05160e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e6775f96623a9d68dfd8a5bf7e069f37

SHA1
fcd264871a615c14c4f66ac080392caa29b1989d

SHA256
a67b6e131db2c33d5bf0465edb22877afb04ede8f6bcf2bd4bf8a4cf307f9432

SHA512
14f1c0a076e5ae1584836855eeba9862c4bdb8e412a950897608ff72f0e2b41b7b2441f50f5e890340e8ee39cf154c07611002f3b24bafb51dbc52c13a5827b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
be9be0dac70eac210953af6f0568b0e7

SHA1
8da8ea7214b272fbff717eb90ccd71ecf9e80848

SHA256
dc35b212b1a321b4a80217106061c4906e5942e67ea576f032ba7436b237c8ef

SHA512
9e40aa7d86dddb19c20cdec29d040d4c05e4947763651256c97009da3e776e3fc6dc40072caf686e6d3e63278932587a8625d202fd92f39ede223edbef25e40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
643516d11fbe6d0452883e6af6809889

SHA1
16334a8c397cb9ed93f32e687b966bfbaa9d5758

SHA256
9601d28cde06272e659d5f1d96bfbbd8a58aadcf995d023835c1679b275c7305

SHA512
2b6c02042ab0902fb0e78fee19d34f60ff74872f822d97266e245719c8fb325a75d48309c20ae29e9081a02fe666abf1f632f6a94513490a005da5a19aa43ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
ddb9125975528a653d29414cbecc98ce

SHA1
fabeb4dcb1984b9f3a6737d85e68ce17ea3857e7

SHA256
7a59f3a81ffac1901a7e42ce8f2c56026bcecd56aa57fcac0df653cea263a2a6

SHA512
6a02217848a908848d62b0a15b0b4ebb9d44be6d375021c24bd5a7f74bf7d680b9149d3d45fd77edbe155a0f10b3bbb065142ce3c9b22ddd75a51bb50cea60a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
23fb197787feb6b864a1fe8e0a6b72a0

SHA1
b78640186ca1dfec562a74c5bffc371f34e115f9

SHA256
b5fc3bd93e6985bdec1e3f74d976998743da658c0cc4e12c1bba1ec954277b09

SHA512
ead8670233b497f665b2cb604e1fa3e2728f62267aeb6ac5f4e6736a07bdfc89f4c47128b0e5575a6e6baeffb38be714ac9cd79342424249e941919289e26444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6dd49c04a04d0fcd0d2ea092e6e50027

SHA1
38f890aab762d5c840ed4a82d6983073d954fc92

SHA256
cc0c40c509bea9d46e7fee63fe9a5c443971855677ef9ee97e2603f2a29fb5a2

SHA512
c0083dabccc976481a9f85abee355bdac3856a1cb0c6b80fe22f21a5f9ed4dabb6c3e260d26b10f56644245dff27ae7c7698b73261b74a03bb824a5ad9e08c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
709f2fdfea86cca91c0cfb429bdfbdbc

SHA1
54ec9ae0ad9ceb3d9aa7a91e0510dd3cd80b859e

SHA256
14af7416996344c198061ee326b85acfe4920ed0643376e4061f8c1b5f50d6e3

SHA512
51d7f09c474c38f0d0fc7f025c9a36604f3650f86d539944f35114ade56f33c5ef24041a3729daf88a18a4db495dc98c3744d3b2c65881b2a510950b9362b7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f763f2265b27ab3118d09b1cae068b2a

SHA1
aa430f9ff6c3e578d23628bb4c42dc8d99175067

SHA256
0cd3ff4e4ff1b9fb0203a96a2b7ccb6a5a326cf66a638061317594fee08c1e5b

SHA512
130d9ffd4879122ae9e273bf6571fc0cf49a3e5ea4428c16c03656c49c3e987e2848e45a3b5db60b3c9e3859d1d7dc1d078c81f707d71522631d928800f3b77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d373f67506a05aabb449f7aac9feba2

SHA1
82ce5a898eb445da9439b8748a83bf153c90a8da

SHA256
01f6c6bce7bc0169b772ad7fecdc82832f17078a2dc87e7233823afac908c4ba

SHA512
8469198ef6c94d2fcbfa974165251f25044e224329d4b3abb24cb1634b9b7f0a40b57c19104e8dc3d55dc91b1152b4fbd65c41a0c12bb57e4eb5bba473ed5df5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
49ec784a8a2c48377d4e6d5f9a7c1328

SHA1
bc213bfb0b61bb6a38602c51c5968fd13aa2cb85

SHA256
87da7450ed869c06c22a1260c1ec3f81b5acaf6929f5279b55011524288eacc5

SHA512
978f9c4aa1c90de922e635b8fa6ca26e1959cdfee5bcae38378761a752190df71ad0fbb6280a5d968eee01e0b6e4cbba0022db8b0c492d907170e3babda5c2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
f192c8446bc583614229fd4cd96ad6cd

SHA1
1e68b1a06c1e00395b2d63d9f8a522d0b82f863c

SHA256
09b017d80a06f70485e21be8de5b4d56074d2ddf17bb21f7d82cc2f47ddd9250

SHA512
06f0fc1e263878eb0eea1aab0ae8b9c54606498286d8d36948d082056882bc5929409ac506f2d839e2b6bae550009c5fd3e7c6960804e3c6485e1a549a37d7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
b0096354ed12dccd19a7564f04a4c574

SHA1
d64e40d6ae0ed99ef46ba03fee9bfedd7e3e4018

SHA256
76285d72315a3fd8905bbba718fb31474f34071596e6c9967c3fee9816cde46d

SHA512
6d0115d21a84e02ba330ce0d540130ba927fa26a16a3059055a56c7c4da0b09c63b328a543c973ad5c7829d137bf588b942ddd2b0f6d5ba90a24348e2491824b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
234ea07862074309f36e06b11101334b

SHA1
a467140f2e8f66e29bd5ea94558407528b2fb85d

SHA256
6e670844caca064d416f810c5396927934634a80d1aa81520ef2f9aaedfb8f0e

SHA512
18a671a35cb4b656180801fd73d46ff9f372202a6c9bfe72ba5f6b58b738980fc7d523f8919b2393334dde0d5635240f3a2b26c10dfbf2d0393ede5924b9902e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58afe2.TMP

Filesize
101KB

MD5
b2ea1d197296d1092165f49a08260e6b

SHA1
e916d4b6fb6891a35168ed491d2e54f929d9d1fb

SHA256
f31b9b582ff8d7a6abcbc7a78fd67cd3b27e3989d78d2c01bc1546df2f60fdfd

SHA512
2d79cbae8b992963ea3b9b0e0e9612a808e1de9e591340a73f695a66bf1f9a450a5edffa7b3e6a5d5ff882bba84bb9103f2711934f48848631c10c01437c90ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit