hxxps://bu-card50[.]ru/50

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
12-06-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bu-card50.ru/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2244 chrome.exe
2244 chrome.exe
2244 chrome.exe
2244 chrome.exe
5108 chrome.exe
5108 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2244 wrote to memory of 4408	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 4408	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2248	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 876	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 876	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2000	2244	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bu-card50.ru/50
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc2ff2ab58,0x7ffc2ff2ab68,0x7ffc2ff2ab78
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:2
2⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4300 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4536 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4472 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4504 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4648 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4692 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3400 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4584 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:8
2⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5048 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4632 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 --field-trial-handle=1976,i,14749432118702539376,15912329958150873591,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
21KB

MD5
00634e65bdfa3c77f4804e91846efbb1

SHA1
3327d30bc8cda8de217e4835843018b1d8a50b3b

SHA256
b145a8d4933e78e2c8373a73e88319f276325244254257cf9f38d15ee8226775

SHA512
dfe837e9b92a08fe533ebe223125dce8881c67d7930ca608b49070986982d2877a5f96af5c09fedcda0abc451a21c2131923360b96b10b33e10dc26e478bce8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
396KB

MD5
bb15b05f9a54bc1bdc2810e826e355e2

SHA1
149ebd8d2d50bb69099746a62ddec3f586fa15e7

SHA256
fb546ed74738f7787b5ae18489d8f36c3a1a545f07ea760c392f2d1a1531b15a

SHA512
3a012da184df06cc3247090498791722f9a3f0c22a58d64b720349b61e117509849ba16dd4640bf2e4339d378379c6a61e14ca4ac7b582ee25e3a172b078dc3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
111KB

MD5
ece822ddf599587ef262b1b22bfeaa47

SHA1
d9a8d480342a2a675c61452df0957fc6773f02ce

SHA256
199b281472b5e03f92a02e91d4f0dc88b91b641f05670a74e1b3507e09b0727e

SHA512
910fafc0f1915a64933d649cea2b80fef570872f792320c49217b6fe60e49e2d32a7b0f698ccc7f91bd444aa62911ac2cd1da6897cdf3c0a27a3c54c8aa9d638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
43KB

MD5
4cfd2bf8b20bae0e4fbcab765ea29538

SHA1
8fc8156d558bee994abb82e57ab07654c8cef352

SHA256
72bdba0d0b95e0c41c313e72dd93a04ff5870e80fc9bc6e864841fc2a2439c33

SHA512
5e8acaf9af1c153ead1c24ebec44a12a016c6e48885f8c8f5eb7cbb4b65d1304172e194eed3ea364d526f2598b1049d3d6ab0deca7b5bec244f7b207de171f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
54KB

MD5
f0a93bd3d774b522192de22954ddb0b8

SHA1
07f5b5a8082716ecaf85446d587df0762dbee2e3

SHA256
9d347144f3c2a396a44bfc7bbf231fa2185d3e536489811fc6dca3600dce3597

SHA512
98cf4d476e2f9f9375dd3b16873e1f4c1b3720293f7bc2bfd2660922c2c2bc4ae088f9036682f79a4e8b25bc9eb5148ac9e3eefd3d964710e63743d4e66bf7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057
Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
5ba0e655e6051de4cca7ccee76022bee

SHA1
050bc18defb6d073cbc8d5e2da3c95b4deec3765

SHA256
4b0a6662a69e1e6eee27375caa8adacb684bc75ae296bc7b079c8046563b5776

SHA512
79220491dfc7dba2ad18593952b19ecd87d7c90d2603b63b944af3db7b6477c756b2bb8286fe95acbab24c656c2da8f748176be8c3cd16400a26fb1b8350967d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
4aebf0b1a0744ea90fbb4f1827ea3a5d

SHA1
94765c0c11394c35a13173a57730062f9ea90eec

SHA256
f8d4dca1c22732ca5687d1a1a5a59c6383e1811f8c205d9ae369635d8e787e6f

SHA512
c15f2046e37158009e2f9ef4c0361e7279455daebba6ff5c51187c2850217e1fbef7d823a2ade33d28ec011d672c129e20ed2b6a1a888d896d7abe92725f0dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
9f4758220ba17a0f496ad15c002bff15

SHA1
8e6bbbd18d8b0eaf3d2b0388166b2aa918f0bd2b

SHA256
29de5cc650644dc067172b70358fafadc273123e3d66e184414c0519dcd3e4cb

SHA512
a3f1aade154704c77dcdaf21d4d7725c0d186d0e5582d1671abbbfd25bed09b2e6f8360424b5f9c86b6214aa915c699b9087ea4c90dd6fe11deda6889c4bcce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
8e9ea61628a94da60ab435402a87c434

SHA1
3e56b74342b5e662ae44ded12b0efb97d2f83330

SHA256
62429ac31f15a46ef484bc5774ede32798896607e60fb7ce5a542681cedc5595

SHA512
c8e14db490e2fe34d69cf84b4f106795700e35af527f3587ce0b5c10a16dabe2b18ec1afb0bdc0633585cc17a71390a494b2d9548af7c446acd251495c65f437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
76c1674f7c89f62df8a5787b0802663a

SHA1
27fdb29cc674ff301739acae5587fe4379000f76

SHA256
195b6e5b3b55b5c4c72640505f25094ac227a7e535ec3cdcd52e3bc8cfa42300

SHA512
6447d8fa6676bf8098dba096b695ce5b428ff6e7a2cc39272e7489d299e5179ddd205fa4ba088c21f6a548e5e17cd82f042977cb10b68a644d13239a437fd53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
cfd1b5219f5563736587ac71adbf6c67

SHA1
b2172a91fc3bc125455dd7cea4cd64ae5824192d

SHA256
253eeb00c6077167b87ac974b815f1962ffc727846e7569e306ea71d6d9752cb

SHA512
6f0f55716e6fc2301f43199f5262919b5f1b6d5b4150236832021b518117104328dda0ec169771e9a1facc7da5bc36c401f60f8d39395b707276081cdadd499f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1019B

MD5
1a994e93fe61a58b4e7e96252c86ba78

SHA1
e297200e8bddc6c347f4d1293bf67237d1632f95

SHA256
9b94b36470bfebd9885fa504de67c3e536c75511c024fde7a80c1d91a6830d60

SHA512
c8b26d71c8cd0ea2233e03241a899b3ea02ae77219ca9ee6c4092edd162c037727522f970c1e117cb20435751a355907f7ff874d1f6eb3820af7d054b6511465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
856B

MD5
50d15aa5c4dfe3f130cc0649320c5d9f

SHA1
4bb9dc6e43a58718422ce2a67d23e47abbfcbd36

SHA256
1c856dc019e1735bd63d3de3bbfd994be82e4d3d54b602615b1582d05f79e08e

SHA512
7ff9476305ec93815ad953c788754fddf05ff33498957f4a99f5a3228c6646f17951a5c2e9c1758f1d10a83f5e47852851ccaf2c7a55eda4a329f41c14fbf22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
860B

MD5
dbcf33a3c23e7af4e4731c1533bbdd51

SHA1
d62936470e07c4b6d7d5ac12e2dbe4ffeaba4e2f

SHA256
02767aa1cc5c18339ca06c206078928e2698a2d55fdf6a58d5d6f5eb3dff99d9

SHA512
29fdc4ae609e53654274c7590383ccc78d95476a1b587a039966fa41f86aee2c6b545a7fbc48d279b6f2507555cf29313e758c7bc4142aa7f73bdb6f245145cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
860B

MD5
aea868f3f48fdb6e52e21da885eb5296

SHA1
5a1c3cb1118f4ffcf63f8a9c5deaf9108928d1fc

SHA256
f198f9cc006b075c969b169e95a337792a4e60e14702dd93b3a6617cdedd970c

SHA512
c2ea7ae990c043e8d9efe7bac4adccda0e891d0bcc758210c706691b92a77e148cd11fd49ecd44ecf72e9693d5a798a78aa67d250ce9a21189efef11eb178b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
76452c8ef12f371d7a224898e8cccaf4

SHA1
32e031a4a9b88e8a0cfda9db799825195dd22772

SHA256
c4b2ced840f8274404c15ec52251b0557883f1a1a7b394d7f5f7e2adc8e8ab6c

SHA512
2e0dabadeea152f3a8e622b2cebcb876b9eeb1ddf3cae55941bbd67635cb67ced4e83efb60c4ad6f9559f50e9e972575408812d19810b67b523b763d869ca857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
50ef38f33eb718b249ef7ee76199cc05

SHA1
de330814b8951736359a0d7a07035b853cf97a37

SHA256
aaec1b003c7d8a840a3a39122b9e8122e09b78c584c57449a9ab430f74c21a62

SHA512
ea541a4066a539500bcfb5dfa8ef701633bde716fcc9475ae993810c939e38ee0a16d5bb7fe271f7542dd734a5072b4f7d42cd3aa2289ba3047867631ca0f68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2a7e651b75a152f80563013ecb741cf1

SHA1
84eb2373ab001a8af14b6ae6c4fa93007227b39d

SHA256
5345376482a5f994aa76023b68d4c62bc365a43002a9b9b04054358fb4a6f00a

SHA512
db715daf0e2a87076f99c6b323bb1d6bb6ea4a16f1a3fbfe4a8bc47e722f59530e8337218aa4aeebc6233dc9709076956799ce2d9898e9a5f09a6c4886da38cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8053e33efdbeaff89f6aab1502937c90

SHA1
c674e32003831b10ce1ce49a40d514ed750a011e

SHA256
b578032f3969dc7eea70f9d64b149c39bd6070f4b0f70a437953dc5f0f1a40d4

SHA512
8f2bdd580e197cdf0c0604035649354f0d1caf93eb9b0303f378d6ee2ed6ab471bfc4c5078cb388fdadc5db4da7f6b9937f848e8cbf46f3d0aced11293522a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
139KB

MD5
2851ca647dd1ac8dfaedad6d7a7bd7a0

SHA1
164ac1b212fda56051affaf29d8cc3972cb4f3f4

SHA256
1fdcc3a1a836ed6ba083a3fa635b7b8e2965866bf619b07ec9d1eeb76a72de5e

SHA512
fcb55afd3b050b17eb87910b22dba4bb728c4fcc14f07aa9f954db07c56f2d8c6b6da94828954f119504ffaa0d119814d93e0fcf91326f5d686e2ada5d73550c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
e1e9d71da7b755ccdb25cf0b61a2debf

SHA1
e2c4b93e43a3e6f7ba440f5bf74b1f9e54243c01

SHA256
9c0f0398c83096056ccca99c08771092a338fd5ba442c56481f53f62cd7c56ab

SHA512
ddab78900c7b51c75ce01dc20899bb4ca5114ce4105d265bcfb3f1523b241b3f76e6261e9c97ebddee058abc843113b1b020c96c8cf4a81b3b7213a558bf9561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
160KB

MD5
1e46d838e53cb308cf7ad58b9e1130e6

SHA1
50e9d1462c40d0ee381ab34d366facfa777fa270

SHA256
15eb5c2d17ed8e6342d0699d33b11f0de576ae8b7c20473dfd2a8880eddb3bfd

SHA512
8aa7804682c305c4ed2e3fca57c57188bf1d83566e178733db56875b5df02c598b94616f1de4b4bc98e6089f70aad8ac2e33ea85cf1a368f4a062f412a6b2c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
139KB

MD5
2d1d3d60fbbf6e536a0b3863268dfd88

SHA1
7d326198805d5e41d93d3690425559708cac6f68

SHA256
b733373e4055d252c824c749557bcd716e120ef7307791617424830b0c9304af

SHA512
d6adab14d0155db5fa3058bf42b1c02b54522d8a775ca5bd84b3ae152c2af503237a688df978db13e0ebdd2cddb98cb17c7b16eed9a120a9d02f9c4927d27fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
141KB

MD5
4e09ec3073f2419975adae55a1c046fd

SHA1
a43d6e7b7aabea53804560644827c564c4b8f826

SHA256
3fc89b113bf388f6435858652247ba2df57b67e918f9923e81ca31eb9ee322a2

SHA512
38c54bfbeda99b4c1c85ace5a13e592ea817734c8116e70446583c2e952f40324745490429bc267cced6427f343e265b25b6c0223a214753bcb4216d10c98d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
841cb700eefd2f5c14a7c301549699f7

SHA1
9bdf00d962845fae67be77d2a669c3f1d366dac3

SHA256
0ea4b24e37054b1726cfc4978ae713582ccc14fcdf8bca26fe65f48edc20438f

SHA512
bb98ff43f2d1a227872cd08defc7d4f4420074648510e7578e00d2c123e33762411a1c317e36008da0f7b67b1e548cc5b427c11741656966fef1cfe1dd453909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
9c712911c9228f4c9d89adeec2c30761

SHA1
451204a57ed27d6fe20bf8662c07f9c05b57915a

SHA256
48386cb41db4a7c4e07468d5a70c5334e632de58ea2e246ab3c334834d7e6bd2

SHA512
d9a314a35bf53faf7272d939cafbec300dd06982af41933623874566b179e5d651f887b4d0829e76f619f6c4306eb09e01cf49fb3e6ce8eb063dd79b9cdfdf28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
d4e353cd0afed47f81766365c0434058

SHA1
4d554dcd835e644b73e094a366be3bbee98b517d

SHA256
db23650bf4acdd9cf03a906dc0aa4a9f7f37c69604c943224c5335f16b4ded59

SHA512
31e8c6d099f7e8a50e47639ab58c6c48674f4dbe341d6fac1690e24ae73a1579fe668f54076cc0cd0b69978ab96d8b5b82b67884388ee9f0bd411c1f2ceb54b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
afa11b5db46e2c67e2212693021953c9

SHA1
ab7ed959086a676925bac7bead31bc0358dd2e47

SHA256
b0fdc96ea8c67331b3f3f5ac70a09c47abd76e6b5fab37d35cc5242341e4c78d

SHA512
f25aa65909f2d645cd3dc04f8034f6daacff3468d0ae45b384d49256de3f7f953f54c729a36167fd3e67a5dc57196bc9b333fe3a4b75ee3d8a344a9bfc2f8e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cf22.TMP
Filesize
83KB

MD5
cc93cec521c75a450a5afb440c3ce603

SHA1
f38effe31ac476de0f71f4139282032a4a1754c0

SHA256
ea613325f393e41a9298abc3fe7c1a1252629ea2d6cc4936225231dc31079443

SHA512
c19bed586cf11d281dd30de091f9974c67bd2d6c02d5e5b74b18f4613c6fc639a677c11562ac9c97a51fbc5a82acf0d659ae5315b761bb6055e403e9419e23af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
712b937f438a854a14a8a126e1689d0c

SHA1
9089f1c8b4ab38c2c136e8dbf6c043ba2ac795cd

SHA256
2383019a7de68a28fba5256916bc578d292548a74e4a9fa6efc5fa2fb1c76c33

SHA512
9bc46c8a1b5aa7b721a0eefda37366613b0c0799b2a8338ed456cfc020677f8d6a1b04b82530c72d6c2978c71c0f38dba86dc9bc588d820b7f0f3b947a2c0d21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
5f5bad9c8f9ac8bf8cb23025f98f4ac7

SHA1
3979ad81d77d3ff4970e9a4178a24002429c74fa

SHA256
d276596a020e5de6a18e4b8cc203fd4a5da12205686c64513a07b34872ae23f6

SHA512
e13777b8644e99516430be41ed0472c2ce8564d2f7e8521247aa1e0ef97fa378fc237efc18d5b796de53d612976585809a14bcc759b1fb91f6a1c4347fa0e2d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
10KB

MD5
d767b2dbd5dc77ba5f2e366acff4617d

SHA1
14f7688d99bcd436880065da94cf14dd7db384aa

SHA256
ccc9f9d3ed631b83e21580c5accd366c7e8862757bc331e81fb003aa5850b2df

SHA512
dc485ceea5a289e26c1defc22afd5a05827bf984348819e24dc956bf778d5f590cdd710bf8a7f309d2953fc19c51ef6c2a82dc3e3a84c9e57196c31bc7ffcc35

Download Submit
\??\pipe\crashpad_2244_IWWXESUACMSQGEUQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit