hxxps://d2mxzd04[.]na1[.]hubspotlinks[.]com/Ctc/2O+113/d2MxZD04/VWHsg96Vv2TNN3xKDqYX3fHlW2z6fd_5c9KlRN1KM5sP5kBVqW69t95C6lZ3p_W661m2q1P9L80W9cVllW1pBxWfW66zbfj3C8x25W5w6CcG5d5FmTW4Jl0l84jmVgpN1njm9DYC2SbW8pqlRR91v4yNW2SxQ6y5JLPNFW39Jm7M87P5X3W5PxXDh90HbBlW6ftNGT6pQSVyW6Tydx75TDrKFW9cHY8m8mL5lbN9l_LKGVy6r9W6CGqbW1z_QncN4BFVZCn_q5NW5Z0QdT6jvfCLW4ygT5q3J7y3bN3snlpdxNQcNVWRXqt8KS4_lW3zL_Rn7K32gDW2ptbL54GQSqLW991R3p4BQ43YW5KmKSG48mjqjW3tHffX5FyvhSW7nZ0Vh7R4KYQW57R0y413y2HZW3jyzlv4Y_6mnVLFn8V32YZFlW1CvQwf4Ss4p3W2zY5Mc25KMtvW8qqvyF5Q34d5W3lGwRv4PWkwBN26RGt4lX1-5V2H5xn38Gcn7Mwb7RC7S0NPf8LS0X204

Analysis

max time kernel
64s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d2mxzd04.na1.hubspotlinks.com/Ctc/2O+113/d2MxZD04/VWHsg96Vv2TNN3xKDqYX3fHlW2z6fd_5c9KlRN1KM5sP5kBVqW69t95C6lZ3p_W661m2q1P9L80W9cVllW1pBxWfW66zbfj3C8x25W5w6CcG5d5FmTW4Jl0l84jmVgpN1njm9DYC2SbW8pqlRR91v4yNW2SxQ6y5JLPNFW39Jm7M87P5X3W5PxXDh90HbBlW6ftNGT6pQSVyW6Tydx75TDrKFW9cHY8m8mL5lbN9l_LKGVy6r9W6CGqbW1z_QncN4BFVZCn_q5NW5Z0QdT6jvfCLW4ygT5q3J7y3bN3snlpdxNQcNVWRXqt8KS4_lW3zL_Rn7K32gDW2ptbL54GQSqLW991R3p4BQ43YW5KmKSG48mjqjW3tHffX5FyvhSW7nZ0Vh7R4KYQW57R0y413y2HZW3jyzlv4Y_6mnVLFn8V32YZFlW1CvQwf4Ss4p3W2zY5Mc25KMtvW8qqvyF5Q34d5W3lGwRv4PWkwBN26RGt4lX1-5V2H5xn38Gcn7Mwb7RC7S0NPf8LS0X204

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560639164720531"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 2576	3212	chrome.exe	86
PID 3212 wrote to memory of 2576	3212	chrome.exe	86
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 5116	3212	chrome.exe	88
PID 3212 wrote to memory of 3736	3212	chrome.exe	89
PID 3212 wrote to memory of 3736	3212	chrome.exe	89
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90
PID 3212 wrote to memory of 804	3212	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d2mxzd04.na1.hubspotlinks.com/Ctc/2O+113/d2MxZD04/VWHsg96Vv2TNN3xKDqYX3fHlW2z6fd_5c9KlRN1KM5sP5kBVqW69t95C6lZ3p_W661m2q1P9L80W9cVllW1pBxWfW66zbfj3C8x25W5w6CcG5d5FmTW4Jl0l84jmVgpN1njm9DYC2SbW8pqlRR91v4yNW2SxQ6y5JLPNFW39Jm7M87P5X3W5PxXDh90HbBlW6ftNGT6pQSVyW6Tydx75TDrKFW9cHY8m8mL5lbN9l_LKGVy6r9W6CGqbW1z_QncN4BFVZCn_q5NW5Z0QdT6jvfCLW4ygT5q3J7y3bN3snlpdxNQcNVWRXqt8KS4_lW3zL_Rn7K32gDW2ptbL54GQSqLW991R3p4BQ43YW5KmKSG48mjqjW3tHffX5FyvhSW7nZ0Vh7R4KYQW57R0y413y2HZW3jyzlv4Y_6mnVLFn8V32YZFlW1CvQwf4Ss4p3W2zY5Mc25KMtvW8qqvyF5Q34d5W3lGwRv4PWkwBN26RGt4lX1-5V2H5xn38Gcn7Mwb7RC7S0NPf8LS0X204
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c5ca9758,0x7ff9c5ca9768,0x7ff9c5ca9778
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3168 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4892 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4540 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4752 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5452 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5328 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5228 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=2056,i,2759418196126434420,5705100380423748612,131072 /prefetch:8
  2⤵
  PID:3572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b9256eb3c14e4e490e01725bf3ada5cb

SHA1
a16e5671bb06254254670d40be64eb3e716a260b

SHA256
00341a3f08523a2875c570a20daa216bf6fb9a666813bb0d1d0f2fa00ea8436c

SHA512
abf21f60b8f6aaf5e9b98fa20c358ab5ed1fb30916d4abcfbcedd084208e58a0211c8e1ed9accdabac9ceb7db5bbd05e3c221d5aef895fd67063a9bc4e7dc9c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ededa3431549e31e719eff8570cf0b67

SHA1
09839bbf001f80cd5248731244037abdecbd6dae

SHA256
85016463517ddf1dff71b6db4bc29f99f4ddc3acc199f3e428ecd29a945f9b07

SHA512
d41a71e9a1a8f956cd65355d9d2de2c3667a50c0c1cfab1ed1c3ccbc66d0b4416c2aa781bc29af4138d17569e49078142790f18ca7c8d838231ff7e38d4ea440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
d67c1cfe714619c157c355af708101b0

SHA1
6cf3f57544fbe36f8a3bf105f2a4c32da82014ea

SHA256
eb6fae7cb2c40574231e837aa859d5f13ab46d04c30acfe47d56b8c2fe307731

SHA512
f57c05db25031571f0d2ab001c6a44c07e25952394945b161fc795627b780965180c39fcf561725b1b2f73d450a76cbec3e7f777d399d65646390ed44e776736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
24b7f363089b6faaab0b504939360da4

SHA1
eec018a58e3d8b78535f4cbe3389d8ae1dec9f2f

SHA256
c5796f47bc87fd3e0b88d7e0b4089bd82970006b6bb64980c58314f11684c9e8

SHA512
d758468979403b929ead48214c1d1d7349da2a03f8bd0158997c3c9873496b556f9afdbfbca68b0a0b76ad647f2ea9a06e5770f040367b27896d706fa69538a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b8a530499eba386f4e8275053960ba0

SHA1
9ede7fd76403c378a3a04357428af0bb5dbb1954

SHA256
0b9cbaee0c019c7e1118dfb764f2b30dab1313463ab7fba0ccbc62ddb9b22cf9

SHA512
11b9c316ff61fa1e898ac4c7749fa34e575cd87688dc2fa19a4c00efa41a4eb38d85e3222831b4a794b335c256a80313a5e713db41aa5cd9ad03171a463ccf46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0a52c941665e0e9f9c12c7ee5141bb3

SHA1
a5697cef12a0b8af35b8f63bca2e75bd1b597fcf

SHA256
1ee441187f38bf16d4062e0c5451629c7d7cf26fda23ce2d0f324a6948245379

SHA512
3d8f9607ed3997bf759111d3b3774c5478c913991cf942b82ca7f87a8a92be15bf4e5e6cc3615d745d2c17ec88d71082049ebe6285ffeaa774b30166ea08d0df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df3e217d32a738d25739b01e51c5d1d8

SHA1
6742654d9fe48be748df776d686acd7cc0b83551

SHA256
c852a5a055a6ee7feab3a1bededb5a4b97115264b0c2e128e04f78c3828ef250

SHA512
7abaf1ebdbb057cb9a1b3c7fc0329e8b865f844f7eb30ce817ebfda351713c2861ec79b8b2abc5820d3a1342219d49d71a7ae5ac522cce0fe41f94f9679db03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0bc860eb5f03c1b560d74cd07d793def

SHA1
3609af31eb8aad38f2e6be07b1850c3f735343d7

SHA256
b4aa1fa0db599e63ac68e4606c082a44868f7781e3076e6e45378985eeec291a

SHA512
3b8503c0da88954543ce22e7eb76efba7cebc4f08fa07494d8fc8b2fbd49e63c5ec9dcff9f69ced510032a8f999e5633b71e27d2a85f4b00c7bd15d524414124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0bf91a85a2ac17a2f3b2e51f2bfbd483

SHA1
f6faf8ed1369932ee6d50b306c70d8f0e09cace7

SHA256
160eaf4777e95b1ba9028d2d738bb1c56203456693cc7857c0e6105f252cfe28

SHA512
c8ee87a36f15d961704d3ce6c31f31b14cd1bced3d0491f719f39984d33807a9760261eb0bad70f1ada3b520465f96695cab6432bf3dcdd9f38b85e7f2379618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d5f9ba190416826c92db32dd15e4ae9d

SHA1
adf2c937cfd3e73a041ca4e80444c71ca7e506a5

SHA256
6091e52e88210d53088bbf0b1ed3ac39fff769d05d89e5c305e616dacf6d69a3

SHA512
1b08c6213a8dd7160a5d88b7e2c081b7efe6e8487bba1ea958d93513970ed7b8aca418731d49f0d7c770ea5a78dd62c9d9b27d9de0d53d2512ca94b6ce3230af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
3178e80fab382490ccf1ebd02511825a

SHA1
1833d7e0133445edbe201209cab1783fa64a3750

SHA256
2d43407af2ae2eec6720299466f39fbc56b9ac27463287c88ed95fc1bdbd7e2e

SHA512
24f6456b2a89040e54176da5945cab5175000cf6d2b8d7436bcb9be555e7bf27e8eeb4d7c7810593f43e346b58ecddc2ec4359d1aa0df90a892535d708282097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
9155f12a5683a52d8abface7cfb2fe2d

SHA1
3c982509a6135cc2735764c43bb58f9d6267fdbe

SHA256
469efd2d454a67a9a2e62509016d58e082d7ad1b7ce835675b6dcb19780a857f

SHA512
811e6c835421da817b55f893beee5358e9bdaa15d89c7cade59bb957b4ab471a548485a941a3f62a002fc2ee37232713762bb23310d938c2664081a2c5b8b26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c9c3ed3ee058ce64e8662b058ed52627

SHA1
d3e97f4b33d7f1d85249ced3a7c4226e0b6af963

SHA256
c972858e9d1c32800a786979c6f0c957de0363d7eaa8cc8242c42e2b0d5f1fe5

SHA512
11245d0691e2cbe0ee23cd79b6822750f6a328541b11f1e990ee08e21eea0d0e90adbb1c437dd8e9e35a1487de6cace8b7b4e7ccd24f50dda9517276bab9f824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d6b9.TMP

Filesize
101KB

MD5
296ffe3516795c96624564915dd11f45

SHA1
7e02945ed707ca42aad68a9de3c4f59a097e4b16

SHA256
ab3393ea32c780aa803fd24969e632c5465c2305280cf68f6b9cfa7cc0ea5156

SHA512
2349e3d9bf2fe7484cf4ee6bc12ab1eff9752040e706b1c4cb71ad4ff86df536af63de55211f36367d1b2efddb4644356e18431fc4e84fdb700d35a7784fae00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
85KB

MD5
f940bd8a7837eca9de43ffa5c1c5cad0

SHA1
439fb4ca7d1c7721a5a7984586b1940fc3d11006

SHA256
54cb6a14375f31dc5428f6aa1e57dfe53f2abfd3fcda9fc94b4bd66c8eb1d866

SHA512
0af95ab3d8f50398e2f2dba3a141a4820ce0518d118b1032c945dddbc8ca02900d39a26180a6fa1016b3224d388e8b2aae817b02c6da041c6140a34225b76230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit