hxxp://khaosat[.]uah[.]edu[.]vn/1[.]txt

Analysis

max time kernel
300s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://khaosat.uah.edu.vn/1.txt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619899717325785"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
3264	chrome.exe
3264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2264	2996	chrome.exe	83
PID 2996 wrote to memory of 2264	2996	chrome.exe	83
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 2972	2996	chrome.exe	84
PID 2996 wrote to memory of 1340	2996	chrome.exe	85
PID 2996 wrote to memory of 1340	2996	chrome.exe	85
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86
PID 2996 wrote to memory of 888	2996	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://khaosat.uah.edu.vn/1.txt
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94e6ab58,0x7ffa94e6ab68,0x7ffa94e6ab78
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4700 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4988 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1524 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4256 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1736 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4944 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4032 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4820 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4904 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4568 --field-trial-handle=1780,i,1423705781694894022,768420929185883754,131072 /prefetch:1
  2⤵
  PID:2408

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
ef1cbaebcd0da0598b24b0289bb2a9fd

SHA1
39cc05ebe52a0e6352586f62d56a8116ec5e92de

SHA256
6d90ca8b0746af17c8b249328889578cd7300b0b2a6c7949506d8b3add337084

SHA512
48324557f32fd04448b8a421892aba0d56dedf972005d9ebf73356252af071b16d904c6294b615b0aedbd2a3c1be016ac0b2b33f4ec1b5b2e41a8b49b4d45d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
fad32969575b7190dcead84e6a9006c2

SHA1
bdb7d177993264a72dfbe3bf51513ebadbd54dc6

SHA256
fb05d1f4607b2d3de21cb74a83c9523dac61a8fe15202b423edf5d46ac228c6a

SHA512
b205fac5b15c0b4c9d9ddaed3dbc905a74d34405d87bba88c9f5b68cfe1696e3dee23059c4541092fdf19b65e8c317fc22ff3ce6d5d0852b0878d71de493d835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
769710c2ee95dcc21fb87120a28736db

SHA1
dc58529b5f9b08ff0f726a5b0c67de5090bc05bf

SHA256
a0606f39c7560804f850f56a0f1281f93128945c9aa3604e46ebf00acdc6de18

SHA512
14c467ee24c8528a63dcd86bae11ad7b3b36040bf1b0c4a371eabeac9424495218bb90b9d873e8b7cf909efa291a10a91355b0e7a71727ad2df87f8b03cf1167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4af43ad22933a15f86c2a1e44e6806f7

SHA1
5d7d43f74ea46ac24155a278d620f09ad2870486

SHA256
0bc7ba05dd7e769ec57d5fa29eac95b670e1223ca54cbf37657f848e02fd29ba

SHA512
1ec6972b182d615f5af5907dedead5100ed7d3eb655f0abb7c5ac83d776866cc54c5cf9b8293613bb93fe44fa93cb9167f93e3229ed382d071c0c316b807c3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bdbb471cf4c5dd2560858354c7838560

SHA1
2de2a2e7c88fe0e28b004f375cb1a783883038e6

SHA256
433454fd7834a260b618be93d5421508c8bc457ba048682bed18e6e3165299dd

SHA512
edb979817b7bb12664f20189ca48958943963144e063320ae42f9e6f69514ecbf3d45c2dc6b5be5dd3c296d2cf38842e130046ee5e86c4f5c01f8c7ca9015b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c215bba889eafdf3a25577238e986cd3

SHA1
c561f11408b5aa8dd151d896e91b9a68f839d83d

SHA256
e7964c9b42d3c25caa0760a4018a1d50c7b8a4991b3b69280c30d8db03b47353

SHA512
a85d46af15ca348d9d5bd9b8c2d6826b3acaacefec1aeda326d9b3f2792bcc392d57c4f6a2d00fb2c1a06cfc120f37340d95824b68ec5d1682a49bce9a8ce8fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
643eaf85c2b1cdcdb70dd71909d0203f

SHA1
582357e4e0b46dbec45e2bb723e7185e87c30892

SHA256
f132e6071fa7d06eca49949006c5ea118423a0d15e9649c136908b719cd98bb1

SHA512
3e5a2c04bbf60bc239a2bafb0861f607bd56c551e7b78856d5511bb62e09fd5fdf15e465641f1784468b7eb20aa0bab645c273eb229f056062180203d30304db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d55604d04499ade2f8e3a0c39f9c68ae

SHA1
80f0a7babb1bc3f49103428d59173a24c773a632

SHA256
c71834ae445d7e78200bdbceb92461386fcaa09c3c08425d1101e4f4c54048c3

SHA512
9182a66931f9c4edfacd3a0d1fbccd5867300b2a6d6ba6b5fc519a66862270282c505df6bc7b4ac8fc792b7ff32012b99e2ce3f5932f9a20d0b85957a5aaaa7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
87a5619ce28d8cdb497e8565e585d2af

SHA1
23d9747bfbb7998e8da5031bdbc2f4f65eb1926a

SHA256
9fe5a2f688260092db8a2ecb7603af85c91c3eb25f986c297ff255b5601dc571

SHA512
b8630e67ec6ae4807f5188003deae2fdb2e8040b300aa24b6553e2cf41a66823f54ecc3a2cefd2a9518c46bc9e289c04d0c6903c269d34c745738cca085fa5c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
59e91d6837fa314e24de49c8fa9951bf

SHA1
41b9b7d934f63014e4737e566962c480b1f666de

SHA256
e9322367ca1ddec44f2b81dc355c79d3d69f8c4be781e94bd9d4bc79b2b29092

SHA512
bb81a821b64fbc7340a798befc7764aa6f9191ce510d49a080f51c234ccacf977bd8b91265cbc9fc84e5c86d140371daaac93d18f25cd40d1547a26c71f0bc6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
915025aef1ae96eed49d155c6cf9b151

SHA1
1a160b2750c6040b0f76094a98ad66114e1ccfc5

SHA256
c525d3bc140ddd87b74de424afed1395cd1303231affedd1b454dae8d43d39b1

SHA512
55047dcb879c9821e594818f69296fe9bc7d582ca6556f3976a73f01a42be5fbf5c62ea5ca5f08e708475e759d0d084856d46574d6b865315c3cbe16bbfe4e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2670f1bb94f1cb2aa107194876912970

SHA1
b22acb67abc3ffcb85938016c867a8c3c68e79f0

SHA256
93549d7906fef0d92a364d5d84af77a7cfe69416e1eb19103d36e76ab4732201

SHA512
ba0acb8340495a36d1d05afda8e9508c743f4d2cdc2acb9b0482c7227c29847d429e2583ba6cdeed2e82892bd284040a74a4c1b6eb8e91fe5618f3a2ea72fb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
321273a34100f35d0a84ee1a3b96683f

SHA1
1303ff75d91918d04f3d0bf1ac00ac6b71f73322

SHA256
1028f710eb3196cb3cb4e766b30bc58ec41472bf28b4aa0d389c4baa31aa6023

SHA512
12fc2481e23aaa2613ace63032d05c38fa42fe46cd2424dac463c3e99e2192b957d0ac217e1ba49eac5067f3481a15a348de5feb387992f1cb203b68ec94f8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6526a9245633b25354d5a075bbf65189

SHA1
7a28a78a83997599bd46ceb3f3ba4963a45d7e4e

SHA256
67905702967166e9721949c54006a3be99d0d901171686f76404ff965a24532c

SHA512
f874d7e11db03c7113aeff9f7bb825acc4c92119a47b961197e9b5d245996f8985492e64eceebad077e0a09d01a8c0cc5658de3bd8ff49841b35aa56e378a748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
166b734f65dc89d05e97e8652cec95c9

SHA1
8419c31487c391540c44fcf46530e71784c6b3d2

SHA256
c70247c162b4a839c1594c10b3804cb44015671d0cd955bff97d4cfd1ac56ad8

SHA512
ef7fe2d14191a132328f7c5e4dd0e58ff51ac040815ef25280734ab5e488659f4a5e7d373a28a4c86d937b1e4b38c6a70a265140b83471283b07d7a775f1397a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a5506d47382a2fd2914be992a917ec34

SHA1
fa0e8720480ec2e78af4b4484ade186c3f1ee632

SHA256
af8be844a9f6f65ae2d4d3cba2fa7c3c6aebfb9e487c94e115731de224cbd7dd

SHA512
07246a89dd2d9e38c6c7e39ba9b1e5bb387968ad055299498b626080c1ef1e9be3b469ae483a91e10a8164e771dddceb58cc0a9c9fb5b4f8229c1415963a095c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4fdaecfa833b15faac8a0209ac2c5ef8

SHA1
79cca4f5919c99c3ae523c6c7fc224d6bd970773

SHA256
f8ee195f6409731b42d2f865a571b0ec17d20072c0e32f769d7a3460a37f734e

SHA512
aa5c334d2320f1e36e0c2b4949a83a3b49af4910b68e88c8ba2ecc3e06a21b8c5fa2244903fb37fc1c1f3e040f44b74319dc2c6a7506f83c9f962bfac0b01394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6c7b2fa6406f69b67240b3a5ed082db8

SHA1
d23144deb65e901285b40b92961233bd86f41b22

SHA256
edd877e9597660f42239dac70c4c81d9ccbf0fa5b4128e9c5a135f1fcfc51e0d

SHA512
666dfcf81893c8a043063560fe3a640b8c7f8816fb37fa99fd97c1df8b8b7b58ca662ec63d586bc77e2c9124c10f44e0f3f03c1e6ff280fe658598fcee10f96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
393a07125a101afdd3812d8c1c32e548

SHA1
e0f625e8d6f76ca6dc690c430e38dd544c906f02

SHA256
a382d801a5949a2852f3d08294ee4d4ac147516e5347b84f2ba88a8d85767b01

SHA512
4efba9fcb80181af80650df678dd1ad46c4dfbad93ffbcc108a398185d94f6c98b0df002abd2fdae4536f6cff2a950b5e4e7d82977989cd6683e79021d010d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
280c058bbcc645dd50a453d7a36d8bf6

SHA1
7baf8f310dd5500b42d39bc0ab27da79b4fb826f

SHA256
a77e934eab70cdc2d3cc7d7a05f91079f4f8b58b057e4041f2e720f8951ef618

SHA512
b70f589958f64823a6562d5ef1303850148d20717b5d9f13595c2167e5a1557ac50bf36bc0933c2db27336bd35e65d70e3491274a99729a5c5ba3bc35da0054e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
f4bff7e1eabe1875d3594ff329a6abab

SHA1
b933b8d81cbf13757f88b0f2677aef64855375ae

SHA256
2bc0d05e4aebc4a34cf9668fce330f7bc927b5d77852e0af05e4936188e9872a

SHA512
2f86c0129da075f38b25b48dac07881aef2e7b2ade88c6c168e97b26603f9fa34d52c85403d69c3b25c1cfb3ccf1026d4c21502a90739352a537750285cb29c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
c4babaa293a5bf7f927d3be4cae1f8f9

SHA1
1319280d9a4b0b162dc6249856b49fa2ea9dbce9

SHA256
e0b4adbd37db03479da21735c9a7aff5a622f7677cc6e47810872770c926d8b7

SHA512
80d53d1d3d59d9431729c6e75eae57fce58533f6f4faa34a9736631932839f54b0199db1e1d69e0193d4a67524bee0db110fc2be939adf5f535644d3a2e50bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
fef9347c89d8ff5f92e797127d9abe1d

SHA1
ff3ab4cc33e591fc75e034a9adfc6fb1439343aa

SHA256
8cf50454f36397cf4f4034820a17e2d1e5fab090f97808631346f33c01cb5ad2

SHA512
4e47d15e770dc52a47fa16496d07eee3643c79d027204b71d711cb7e5c934b9ab328f5c60eefabff1973f6e30f3c7c881b9f769b88045c83fa98fa7deed8ad62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
329142edc4c20d4f9c4a411f922a911b

SHA1
77b474be047635c5c0eb839b131ce60350f3f520

SHA256
cd7949b46d73b085acfc5cdce6a530cb09351bce68295862e2f641b45c7a6529

SHA512
b111880b5f8e0749cc4e50f00e003f68c3f8edc1bbb8c67c91fbdeb1dce4a09eb0eb6d14b2d68bcfc3368446dcf25187f5738769876f4ed7b418ed4f66e9be45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
5b2940a144ce1fc0d8ed5f7f0a196794

SHA1
db5d2c6429eb2db220a0bc760db72a7afec0827d

SHA256
476227dc61013b5372df5f9b5820dfe422c4ce7d6aad9d7e431b7f7c85b3d1f5

SHA512
a283c8a5295cabff410ef135e4361dde999e882d14928acf9c18d2429b975424485b355d5a50fb124c278c29d7d9468b855db347eb1b9d8e5b1f138a65c0efc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580cec.TMP

Filesize
88KB

MD5
24b7093c2321d2e2000858790c55a90f

SHA1
0a9ca83dca96c5dbf6743ec036479b33544ecf69

SHA256
3386f6cf076f59e714a652505fb60b7979afd7909bc84719eb031b326f844772

SHA512
bf6abdb16f8cecea0178d448b38932102d89234cceea7a479bf63455635ce024d63eacedf8e65f5d0e3ed1535de79efa63d5bfaf56cf1de186a1252741a4adc0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit