6f88b6f5f55488c28379f8e18a9ed347534cec25d7ba2ec2d9566bc712a4741d

General

Target

名单册终端.exe
Size

756KB
MD5

87c800dac6fb2709eafd6561f100035a
SHA1

c15667dd8971a61b368f27c2e8a8f22ef7366bbc
SHA256

6f88b6f5f55488c28379f8e18a9ed347534cec25d7ba2ec2d9566bc712a4741d
SHA512

bb279745e0a9434198303b2c010a7bce231e7c0a95e2de1ec8a599a48c03749da2c3d8909ac36024f6ec82cde7a6cdb2a62aefa20b0d4b694b1a85b751b1e95d
SSDEEP

12288:BMR5KNIevOJGIGEMvQ+xC60QM6n7vFSspPsvVe3cuQlrJuTWI1p/:SR5KNIUO5GEiQ+x/M6n7wspOVn9lVuTB

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

103 http://kcunaki.cn/

flow	ioc
103	http://kcunaki.cn/

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600785791549484"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3920 chrome.exe
3920 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3920 chrome.exe
3920 chrome.exe
3920 chrome.exe
3920 chrome.exe
3920 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe
Token: SeShutdownPrivilege	3920	chrome.exe
Token: SeCreatePagefilePrivilege	3920	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

Processes:

chrome.exe

pid	process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe
3920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3920 wrote to memory of 3216	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 3216	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 2444	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 1692	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 1692	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe
PID 3920 wrote to memory of 5976	3920	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\名单册终端.exe
"C:\Users\Admin\AppData\Local\Temp\名单册终端.exe"
1⤵
PID:2980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa0f48ab58,0x7ffa0f48ab68,0x7ffa0f48ab78
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:2
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:1
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2260 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:1
2⤵
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1704 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:1
2⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1708 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4520 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4944 --field-trial-handle=1928,i,15911706396692362574,15741733258206787903,131072 /prefetch:8
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
756KB

MD5
87c800dac6fb2709eafd6561f100035a

SHA1
c15667dd8971a61b368f27c2e8a8f22ef7366bbc

SHA256
6f88b6f5f55488c28379f8e18a9ed347534cec25d7ba2ec2d9566bc712a4741d

SHA512
bb279745e0a9434198303b2c010a7bce231e7c0a95e2de1ec8a599a48c03749da2c3d8909ac36024f6ec82cde7a6cdb2a62aefa20b0d4b694b1a85b751b1e95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
9ab74038200b4f488e1f7a741ba8c488

SHA1
eff6edc65ea40f7f0649d622eb0b7826073263e0

SHA256
512cbe7397c760a5a7d04d94d03afa77a3672445edd466c9579104fe267cc755

SHA512
2be6b1e9953c0bfea157927a9bd565b0ae06090d4d989c31760b004e520352f04a26c62bdb753b71425c47764c46155e3335213aa41f957280f2c2d1b6eaee71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dc8bf9d6f8fb867f661593ee7e1975da

SHA1
ae9f309d011297d2bf126429668c94d5ccd3eb29

SHA256
e0e589563a6653be4d92770eef145448f13f7e56e033402bf4b07944d74fd3cb

SHA512
1330166af646a88da42b05a4aafe0e156387c59ea4a3f8df18ddf6f116ea263932c6ab94bb232f5389408ec497d988fbdf385884bd9975ab6562caf4349c4f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2a76bdb64df9bdb4bc4c68568c8f9b64

SHA1
b0c9f9c1ed9ee7f93c9df2bd9708e1fd7a6ab96f

SHA256
fe6029374dad0b0e5693e4f0782446ad2b94e3c15c7611e33855bb16ce9bb94e

SHA512
d5e5acdb87187c653f4458cac7c237489656b5732fa31c99f3c8363bd6a7130ff4a609bb82e342677da53bb9362512c4669e3e4d3e2f0a4b820d46c171c21392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
8f4517fe35b107c0ef84bc380a06eba7

SHA1
4992fba3735a4564dcfaa90746493e94f2f36427

SHA256
a5e7b61fade611a9571b9b5ea76566f5ce34d61f6b861d9f501bb7e15998e742

SHA512
b2feb8b5a55a93b1d6884536f8a2657e6acd3960d7d146ffb77537d81fca8811691450acbe1b79464cf3ff924705f881206a14223ecf8fc21efab466a2c52b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
256KB

MD5
5acb29dbc37f540e4c0fc81bf325ca97

SHA1
a1e58238207406d9b00d0b35e1848cde07296fd4

SHA256
556da9da5488975194361edf93e0fca77ab71d28c10b5e3a02096d2286583bf1

SHA512
16c99ed38e2e93c4586d856d1a36c375f140e0eae0734efdae99feff6c6c5bb1268cbf8921ad065080a0e931c5c0e524c3ed9475b21315cbb7d9bda0052cc4a1

Download Submit
\??\pipe\crashpad_3920_MYLSBCXEIKKDIXZH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads