hxxps://info[.]sirion[.]ai/hs/preferences-center/en/direct?data=W2nXS-N30h-SgW4cwvpb1Q9_8TW3f-kwl2WKKgpW34hBMC1BDby2W4txXkd2MF2mpW3BTMR61VqWt4W3W2nWT3M2lz_W236vvR2G0jPJW4mjfD73463QGW2qLfz71Q5MQPW1Q2W6l3VYW3FW2RPt0-1_t98kW3jcR-t1SdFC1W45FGNt3jdKWPW3CbBhF4cQFBQW34zzpq41CgbFW41-Gn21NmjX6W3Q_nTJ1--8vZW3XDK1s3VyHM9W34HQ964t4l8fW3M65bp346rpwW4fwJKm4fNkk9W3_pzsZ383yg1W3QV_6p3H4PbVW4pJH8W3Fbt6jW3ND9xt4rgBZrW3yL33j3d8VXzW3_X0nW2Hy6LbW36kwHR3VLgDfW4fvSgS2zYyBbW3M0dVc3VWs5SW3M4TG83BJwWgW383xvJ2zQr3GW2CNZlG4kJcJBW2-drh31LxczwW2KJfkM4cvBN2W3dhBZS1Zw4GNW327TFB3XX31xW2CKgjH3z9CTRW3KbWQ94ff4FQW2WMnDF3G-xWbW3FbrgV32kXjrW3MbDr63M3zpQW2p6hPw36B-GZW22VCBD3BWqQTW4pBQVd4rwwG6f3g5P1L04&utm_campaign=fy25-lops&utm_source=hs_email&utm_medium=email&utm_content=308291793&_hsenc=p2ANqtz-9RSdThwPhRoP8R5fMdGH6Ac9RCwyuvNQv-ZIkIxxrS1DdpKMUWDdJ1axw-kMsBRlb00Jr2hTcPSyY6pXQpH9xBcnSvaw&_hsmi=308297260

Analysis

max time kernel
300s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://info.sirion.ai/hs/preferences-center/en/direct?data=W2nXS-N30h-SgW4cwvpb1Q9_8TW3f-kwl2WKKgpW34hBMC1BDby2W4txXkd2MF2mpW3BTMR61VqWt4W3W2nWT3M2lz_W236vvR2G0jPJW4mjfD73463QGW2qLfz71Q5MQPW1Q2W6l3VYW3FW2RPt0-1_t98kW3jcR-t1SdFC1W45FGNt3jdKWPW3CbBhF4cQFBQW34zzpq41CgbFW41-Gn21NmjX6W3Q_nTJ1--8vZW3XDK1s3VyHM9W34HQ964t4l8fW3M65bp346rpwW4fwJKm4fNkk9W3_pzsZ383yg1W3QV_6p3H4PbVW4pJH8W3Fbt6jW3ND9xt4rgBZrW3yL33j3d8VXzW3_X0nW2Hy6LbW36kwHR3VLgDfW4fvSgS2zYyBbW3M0dVc3VWs5SW3M4TG83BJwWgW383xvJ2zQr3GW2CNZlG4kJcJBW2-drh31LxczwW2KJfkM4cvBN2W3dhBZS1Zw4GNW327TFB3XX31xW2CKgjH3z9CTRW3KbWQ94ff4FQW2WMnDF3G-xWbW3FbrgV32kXjrW3MbDr63M3zpQW2p6hPw36B-GZW22VCBD3BWqQTW4pBQVd4rwwG6f3g5P1L04&utm_campaign=fy25-lops&utm_source=hs_email&utm_medium=email&utm_content=308291793&_hsenc=p2ANqtz-9RSdThwPhRoP8R5fMdGH6Ac9RCwyuvNQv-ZIkIxxrS1DdpKMUWDdJ1axw-kMsBRlb00Jr2hTcPSyY6pXQpH9xBcnSvaw&_hsmi=308297260

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609671464606871"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
1804	chrome.exe
1804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 3092	3188	chrome.exe	83
PID 3188 wrote to memory of 3092	3188	chrome.exe	83
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 4268	3188	chrome.exe	84
PID 3188 wrote to memory of 2376	3188	chrome.exe	85
PID 3188 wrote to memory of 2376	3188	chrome.exe	85
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86
PID 3188 wrote to memory of 2004	3188	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://info.sirion.ai/hs/preferences-center/en/direct?data=W2nXS-N30h-SgW4cwvpb1Q9_8TW3f-kwl2WKKgpW34hBMC1BDby2W4txXkd2MF2mpW3BTMR61VqWt4W3W2nWT3M2lz_W236vvR2G0jPJW4mjfD73463QGW2qLfz71Q5MQPW1Q2W6l3VYW3FW2RPt0-1_t98kW3jcR-t1SdFC1W45FGNt3jdKWPW3CbBhF4cQFBQW34zzpq41CgbFW41-Gn21NmjX6W3Q_nTJ1--8vZW3XDK1s3VyHM9W34HQ964t4l8fW3M65bp346rpwW4fwJKm4fNkk9W3_pzsZ383yg1W3QV_6p3H4PbVW4pJH8W3Fbt6jW3ND9xt4rgBZrW3yL33j3d8VXzW3_X0nW2Hy6LbW36kwHR3VLgDfW4fvSgS2zYyBbW3M0dVc3VWs5SW3M4TG83BJwWgW383xvJ2zQr3GW2CNZlG4kJcJBW2-drh31LxczwW2KJfkM4cvBN2W3dhBZS1Zw4GNW327TFB3XX31xW2CKgjH3z9CTRW3KbWQ94ff4FQW2WMnDF3G-xWbW3FbrgV32kXjrW3MbDr63M3zpQW2p6hPw36B-GZW22VCBD3BWqQTW4pBQVd4rwwG6f3g5P1L04&utm_campaign=fy25-lops&utm_source=hs_email&utm_medium=email&utm_content=308291793&_hsenc=p2ANqtz-9RSdThwPhRoP8R5fMdGH6Ac9RCwyuvNQv-ZIkIxxrS1DdpKMUWDdJ1axw-kMsBRlb00Jr2hTcPSyY6pXQpH9xBcnSvaw&_hsmi=308297260
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75bab58,0x7fffa75bab68,0x7fffa75bab78
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:2
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1944,i,10157768649568444777,8632659857728924738,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
14cd9dd5a7a1dc4fdd3ffce2bb14689a

SHA1
a675394f85e905897e8f35ec05d65721433b4b51

SHA256
750b40523ab42a1f231e6a86f1849a0dad7ac24a8c0d498b05a8a9671fb1eb5c

SHA512
24f9e92d204eb00fef7fe33011c026c4bc600bfb59554f40eb6829bbe54aefba4e656f3eb3ec29515639e6205e66f68dc7bc49a5426b48557e140526b2565d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8524b00fc2cdf47c35d46717aa1ee4c0

SHA1
ef38c0f34cfd401549ca971499f71d151c4b33b3

SHA256
2b19329962f44efd4e7ca81c0635b52dd330678d783c3af5a011e64caf5fba29

SHA512
37bc42553708faf250fa6765753d257118324f17b212cf342b09950f0f268928afc811dc477314c43a1775b9e91bca79c393b95e1a7bc2a5eb9ca31e2dd40329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4eb9c6e4bbb25bd30dd0dd692cd0eaf

SHA1
fa340a84abeced972e161f97e518006cff41c577

SHA256
e43f80e2de271e58587d046f17a4bb70d2428e066a674973bd88f36f4edd5f08

SHA512
b0246ec76bc6886146a14ac839572faf92fdd89c047ceeff2f71e3cf43e57fa57fe39e22cf367c0af56c692c2601eaa7c5c151cd595df4133a6463b3d9a2df25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5c8e52c851bbd9b16c161b117150bba

SHA1
bf1743b4e7d360a4885ace0d582a51a67013eed4

SHA256
da1b7c6dd148af8820f2877d06d0c071e30cada1992095046572c2d9823c0bbe

SHA512
abcb3a5be3e4a54aabd0e6c897be5cd520542c4b4c242979dd3d302d61fc8feac2bda978b2d5c516c3f7506f6b160e53236548465b1468c788026be3f45a5def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a1770d67-9958-405b-9a99-7a36f9256f62.tmp

Filesize
7KB

MD5
f570a5483e17959870d84b416ece5191

SHA1
ab9c5a240e88768b86fe84172eca446deeb93b73

SHA256
f3866d4510f93a4bd0447d0bb1dbe641f8310d4f2d8f4c829f50b50e61f75985

SHA512
f36a096b31c329ff16991d2f3c8dcf351b05f2cdca815ca7e73904dbe4d182ab3107578863eaf1de3467303561286fe8e03381cde505c9e7d57902b994c73c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a0151fa0a2d2047c767ba1d9c2da4688

SHA1
913156011e2ccbe0695732fa607471cc4bf88e4d

SHA256
2ed12459657b55405cb3dbff4ba3a5e9614f26204d3adaa903681a576ba657ae

SHA512
1e0791116bfda85abbc6d9869e4e5e2405445526d6314211b6f3abe98a32653766f70a29253f6779819040e69cd088c8354cfa3ca1b8696962639ca7b7e8e4f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
72b0c5355f0845cd6bf4313fc788de4e

SHA1
5d8b8fbcb381ca56440333417cb6a39d0651807f

SHA256
e17d950935c7e891f21f749abdb6e9abd61b7234e967e5633cab2b62473762e7

SHA512
e9da02b87a1d92683b8e19db202e73ae1d0b2a24b2200a1ec78461a52951b013871389280c99dc3396c26c475e2bd3261bead8b793b9021d0a74d435456c5aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7b7f7583403fa36fc5b71ee5625aefbd

SHA1
91fac405983cc93c5c432bf3008a4753b3d26ff2

SHA256
8a5fd42254ae2c88a2cc9c488966ef93e8a150d930bcbc02b1c468fc306e5af4

SHA512
9591452f0fc09cfe39b6a632c750d381781237d59f55d897c8f3cf2aba5e7b6025480ada003d9094fec87c1ee8c75a0d3271e39e4105d5593fdfe535f63d7bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e98d3f5334309426322fdf77bb6d6666

SHA1
8de1cd6dc9b69d543fdf53fe4050f6d337e5a1c9

SHA256
dd8112822a111058569fb6777fa080956a7d51e1a803b4e7726638012dc58065

SHA512
acdce018864d308a96768d0e83e6a3122c8e610b54ae4c24651ae98c42a51e2397e2cf2315ffd753ca38bf5bdc15a0457d4d7aa6722e0bf7e606f3a1f91d2d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
45ac369c1a832a98d245856d2e0d165b

SHA1
6d17c38fe2fa9bad6c3dfeddfc54e2f8d6b822b7

SHA256
ee8de48911a5302b6a74b233e4efe2e05357ed491ed6516aef37ea161df99ffb

SHA512
a08d77eae909a68657cb0d50feaabfdb6f5a512e4fb9de58fb3587f3caa11036300a3b1e778abcaf35cd39f544ace244fc6fe9105d8f599f5d428d7ef258f0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57dee6.TMP

Filesize
88KB

MD5
7e03946ae9578d34d8cccbc586eb4c4b

SHA1
777ad1414a22848131b586dc9982ba0bef0348c2

SHA256
81f450729f2e1d1712a54d43233b5720c4e0aedc473032239a42117bb15aa78a

SHA512
e03fab80e3f7d3efa99b5665e2e6abf4a78233ce58a1a1596f63cb3b4e3b105789cdb61c25cff6f813785e6a5b2177beafa1b0ab2f36eddb87a76ff76f0a3628

Download Submit