hxxps://ej136[.]cfd/w046

Analysis

max time kernel
195s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
13-04-2024 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ej136.cfd/w046

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575248528991897"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

968 chrome.exe
968 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

chrome.exe

pid	process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 968 wrote to memory of 2112	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 2112	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 3580	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4368	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4368	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 4772	968	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ej136.cfd/w046
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd41f69758,0x7ffd41f69768,0x7ffd41f69778
2⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:2
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:4368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1940 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4520 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5280 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5504 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=924 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3764 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5180 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5828 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4740 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5804 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:1
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=860 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1864,i,15957515141828097067,14058056962628399692,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2456

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
e7dc393b80b32a29b5f188cc0d1b31b3

SHA1
a4855b4153fc976204ab287079d296ae47f98632

SHA256
b6ccaddc87edd094b4b0370bbe0c0df114c83d83ddd09632ac93ed97ebf4ac38

SHA512
180ed72c0f3ae1e6a8c6bcf0822ad948503c4b9bb832c608e02bfe84910813692122b1a599cbc36107af52ecce520d6c665912863d6f5d2793346c7f1493c3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
2399aaed14f76cc9a364b010636282e7

SHA1
41663962d0877b7d3c81646310ad2176accb72db

SHA256
1d3461fae7d0fa9755d6b9c4c82c8fa2bc01a2ab417e92eece7a44f2bed3edd2

SHA512
8e6f97b0f0e0640998d2f5d35bf787e863e79be5b9893c3f5c8f713f13a2dddec98f433ab2fea86bff02c69bb66de812583f39b8a68c3ee3863f4d90976d0a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
7b82c088a2b6b0338b596ecaa7b49781

SHA1
5a9a32d5d5c8f1be9fbde072a949de11f597e419

SHA256
6351a1631904196b5b5263aef430f58fadd5127d5f6c1e220479e9cb81d902cc

SHA512
09ca77cdf46e5e7b5910c36fc3c5ad19401298ea95f25322324548d172526179de29608a4fae3917ef737af9489010a4e24ae63c2531309336fec3ad77f4aab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
bfdde0650ba6db5eae4ed10642e999be

SHA1
121240310324fd6106e0fdc7e9eed174a6319797

SHA256
aac92767bc8ad79585b2161e513dac4c9d8bb891e9f6fd7165275bfca26942d1

SHA512
6a8fa8932cbeed0dcc0765d2f0345dcdc7f0f83a1a38d63ce8d052752cadd9b7fe44d761f8185a040d15fff07d993e1dc3aaf2c9d221056649f1d255bf73f7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
9a64ecd123831dcb91796329eefe9b7f

SHA1
d275d80b585420e2d42128350f653875ddc69c03

SHA256
44592329270b2923c4c6c599bda29b4675bd9cdf8277565ba5c395b7d04d7236

SHA512
d6041bf273f0b2f552bb2cbbeb20766c026e4e02cc2bbc1364d994cd223859ba40d1246ef39f4bdc19f67e3500d7830e46d0c9b8e66004ccf7cbeeb4b192b55b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
f55cb74a9de85be905caf2ffd3d61049

SHA1
76d2c7405b86eaf3ffc6ac8a008a4653073f904c

SHA256
8dcebb08b3e934c87e108a70629a697a298ec715cd6320bf19d41b93ea7a528d

SHA512
b447ce823e0a904436efc192bd3edd23c3714bf2ab4a043b805b0c3454ba6376328df571379e72003f655adee99471f1527666e12f9ee7611b5093a7bfdcfc26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
af267fda1f298430b2de335be89bbe5e

SHA1
7bbb06f26ccb6014644ed44b0426993689b19db6

SHA256
f8f158af44e5bc8b415fcfe10bbd89a6f25428782046ac9cde3435771815c56b

SHA512
4eab99443869b63c2dbcf7438cb23d1886d0f9aeade6dcd0195c985734ad5bd7c0ce7664e3db1bc5f76efd87ca7efa26583fa4cac324c15b6466cec3812ebc34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
871B

MD5
4f02f2392b97aa719b79687932b15a92

SHA1
3755389ab5f9b1c8c3cc6e5b924008392c50bfc9

SHA256
dd0548b107e0d573da1e94ff221a2f73a888a5c20fbbc9b426ec75bb045454f3

SHA512
a1e6f89c03c5b70685053b99e4fb92f3be3346ed707f0b261457b5f5091f38d3ef966a2c3032e31d4476db31556ed360eeaa92bfa1a7ac8fa88aa80fba76e659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6ab644ec96261209840bd1342b203fdd

SHA1
9ca08726ef116fe289087230de9928d71fa0c7f7

SHA256
f794f555c9fea2fbaf03626ed8cff804afac0d2be4ed3d188e1291c46c6a64b9

SHA512
a327fd226e5666809e367f5b99ae1179b3e9586460bd72591f0e43fdf9a6debfe7fd514c6c40e40c6f98b9d9d03bd9befe0310fa6bfb72cc125f3a6ab306727a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
871B

MD5
4967028196a14c99872c4eded8126448

SHA1
963c2a6da617b85f843f54dde63dd6859b0a2339

SHA256
2eb16aba711e2170987d3620b91700bdeef0fc6f261ead3e176eed66d321c08a

SHA512
9d8e2422fcd75379b631d94b0ec9d8850f6ca01d15ad11253f14972de85f095b62399fd89a915e41d1db4bbe9f6b3348ca20141461f8ba291f0f5d6e247d44c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
871B

MD5
2a3d92bbb54d81e20e0918924ebbdfd9

SHA1
9a9be153c203b8d128e48e790a2752dd5133bce0

SHA256
4579f57c50c362b70265573d6b0b42c3076a3f3ace9ec30a6387335ee61c540d

SHA512
e1af36c6ad7a1855a825fe148b83988e232b2be49f2f0c9327f96c7305920147f0af522b75dea2f85dde078c894ea05f354e94795ea07912b7fed76e1856ed20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
800f4dd4809f05872d3cbcdeac003e01

SHA1
f4b11080fa00a3180a685ee6afdd5a0043c45e82

SHA256
83ce99fc4af13a7c2c49463c0356a779997341a641d9a7620cb1a2253d075037

SHA512
3df4fe5ba885197d406417232e378e73a2f24b5c87aba9327cbefe7f570ff0c7de35cdc908bef569c605daa245530025f1a44b92c3cc23f3dc78336bfb7e172f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
05e0f0cd2cfbfd9af8b739918759b2ae

SHA1
4911ed077e79aefc4b521a9cdc2f46963ddf8f4c

SHA256
3768f22df993e58ae4cec7590908feffc618f28810e27fe4892c8fe0bd4cb277

SHA512
dcdeffbad0f75331af306bc60bdf1463426e4350613135a8064bf45a47460068fb90cb7c65554aa061ef371e2f948314069749cc21c0815dd80ac2386adb91fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3a5798f0ca3a3c8c1f0363584473fcbd

SHA1
36a3328b2571c162297fafd9ad53f5552cc62f26

SHA256
26e690337767c97fd01ebb66ae368d59bcc9a523b2d5f250792e01bf55d391ee

SHA512
220524742e9eb1689ef955c861deeba3bae6d96e1d05d637c02b3f4b67c8dabf51dbf1dae0d48e1179dc4f797e9f57a530cc012f7b4f924fc36b5b9650708583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
6a812a452e7afe1d30e98ae033dec262

SHA1
880d30e3ab2c41cbdeacb06cefa470f16542e27c

SHA256
51f38b8b5be6c869ca337cd8a91e8d93e5d2994b21dbd81ce47ee6000eca8326

SHA512
013c50db59ab35f9d4ad7143b9f04daa8ac4dca8c590d082ea994b3b5c7d238db5c2aeae8cdbe83df4cb46a0f785e501080becaaf4226394bd8393ef382df1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593389.TMP
Filesize
48B

MD5
2b36e1322d1bd2cd2ac37a211a8130e5

SHA1
d54f05fcb46c4fe78744653ad76bcd93f5378a98

SHA256
b9bf502a31f3450ff4a7178ea8b430a97c06519cbf05d7aad111e35cba435c1c

SHA512
ebac31c87c5a7f3fd42743b1d528ac87414a8f156817ed0374f72123ba0894af2a59aae1de18cfedc4b58069bf424d784eb19a95cdba719e1f92d808fed5f8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
9786c47859a64f093f17e7caef9b3fa1

SHA1
2e22f84ad656f5b5edbe99c760fe3ca93f1c8ab7

SHA256
ec98a482197deda6050dcec02650a87a4b2beef67459e4eb29c250202252cc60

SHA512
5e586450c168e72168ab89e15e738309acc8421f753b52d888bc139ae37948cefeec481764e658ce957df40c6e6f971a8401f0cfcb2be57bec608d350c034da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
5acc2954cd1667734a4c92f8a52f9277

SHA1
b86aeee11fa1f1f0ef75ea4a0f2673710a8e9d69

SHA256
4e8369ee7b6c30964416ad47b9a39fa2691b65f6385a7cb55a0e748006c23804

SHA512
86bd80d94fb7708873b2d7d25638d92fd1aea044e28a6a15e4aba920427269390bcc8aec8d90e472425297d06ddf5b4c8168d9f3465559643a94eecf54edd2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
cb493009ff91bfe01feea8205dcb8e53

SHA1
817f7919893f5e0cf1c8b2bbf07d30944d5e451e

SHA256
26a17f8d2d4c526bc78e6a92d888432802311764a9eb5f4382a2e7ee5516340d

SHA512
b65eabba95f32d09ebabc357e35f1e63bff5330a8a1b1806c7cc67a8ce1169c52ce811d0d3e1cbf45c77d4fac5e0eca82e6296b0f76b63c25e78375d4eed7d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
53f0ccd0e06b762362a417427ead162a

SHA1
ca053aab9f0dcccb32a818ef9f674b3ac84b2e60

SHA256
461c0b800b7d78d7d67ecad5fcd990238bbc78e4890b3920ae86b4797c39bf9e

SHA512
87c0ff95d1fda1d4ff6c6a78880f47312bee440346438e311d9cfec67d72a93645dfae59b743d358ece4156260336607e0a4476e36002977ecea14b1ba00260e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591728.TMP
Filesize
100KB

MD5
59f193be1ba2e50ffcf9019ab4d2254f

SHA1
f613b23e83e01ff966ea3c5321501ed17c22eae7

SHA256
181236fcfc7243d6ec9d4bc0fa3ff39010ae7ac4629be9b4c8ce96c68606b848

SHA512
ee72d712fed6d9db255bd963c33cba57d094e78eefddd19f627d677747efe73e72841988a9b862303ec1ac91602b1402acc9f482e68d1983cff3cd4c5ae8d5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_968_IPTBXUYPKCJATPGA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit