58d07509730781a051614f1603083690fa4401edda6f8343a7bc8b22b016cb01

Analysis

max time kernel
63s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-01-2025 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Free_Proxy_List.csv
Size

16KB
MD5

4e71112e70a0ece9f2ff19409c9b4ba6
SHA1

1f72404ed2428e786a6b505c41e0f9e61c4afd9f
SHA256

58d07509730781a051614f1603083690fa4401edda6f8343a7bc8b22b016cb01
SHA512

1eaa55643f3a878bf7ffe1127952ae57e89494521c375bb7eedd8436efdb35accc04ad7a2468befb103d2212c139cdb445e5ee417cefe181dfe62ecb36a15fc8
SSDEEP

192:ZWkf4jsoxXQqIK+AD4dIH7/s6VSOBHVwFJON4k4lsrMjLbqcJru48b6M2iG:sOgzxoK+aH7/tVStw4dlsw6cBlM6MPG

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2088	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
348	chrome.exe
348	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe
Token: SeShutdownPrivilege	348	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe
348	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2088	EXCEL.EXE
2088	EXCEL.EXE
2088	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 2720	348	chrome.exe	32
PID 348 wrote to memory of 2720	348	chrome.exe	32
PID 348 wrote to memory of 2720	348	chrome.exe	32
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 2628	348	chrome.exe	34
PID 348 wrote to memory of 868	348	chrome.exe	35
PID 348 wrote to memory of 868	348	chrome.exe	35
PID 348 wrote to memory of 868	348	chrome.exe	35
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36
PID 348 wrote to memory of 2528	348	chrome.exe	36

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Free_Proxy_List.csv
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d19758,0x7fef6d19768,0x7fef6d19778
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:2
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2124 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1588 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2816 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3420 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3872 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3780 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3776 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3632 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3404 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1316 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2368 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1128 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3208 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1512 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 --field-trial-handle=1468,i,18157993482427218058,11683323565232716396,131072 /prefetch:8
  2⤵
  PID:1652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
3618eaf3d9c0379319aa89265d01abf3

SHA1
b669db206db435314008b10bad429b16aaa95c90

SHA256
9bb405c1c2ffcb09410b70ee2449be7e99704210d7ea0a35fa3cb7b27cb8fa63

SHA512
875865ca4292ad53594fec6cd4224b66072bad99e507f72daf034fc19e64c2f01af58f8c3c92b701c91ffb8e5a02621395a7b3a2a2ed973783967b0224ca14c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44ad024256211a6684af703d3db9f228

SHA1
e959bf210ccad6ef8ac7eaa7666402e0c7fc00b2

SHA256
87a61003aa64640c6aa5d75ba85e858b8fd860a01a348d605dbda73f3d9af886

SHA512
88f94978f62aa4393abcb51a5c914ff55127a8c794b195d665d24e44baf48d63441f0758669bb6b2c57c7a5258799c75ba5682d4eb9a922ee2bad716e7ebeb9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c72905e9d37ef98a7581efb189eff1c2

SHA1
6302d121b4b5e945a982819e22cfd67a630f75b9

SHA256
af69d982218f36f593f931f6036be7ff130fea625410d6aeb452e0fcb3f6f2e4

SHA512
3cab0688771419ee192b720ceec516d29f1cc46eb8e920666110e1200367200d252df3b34296fa9678096068e150ed06fae3b965c8318929c3e1a2b72bdd9ffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
402bb486243fec6f4d68c78bdf3f515e

SHA1
eaeac68ebd694313b448410ee4b42a287d1ae5ca

SHA256
10f5ba2e89ce2fbf083d015cb73c519f3e50ef405ad1a06042900fc9ceef17a3

SHA512
8fd54be5a0ea4095d7cf6afad75e338dc2ac6156995e1ee9ccea61199c61950ed96765acddd782bc47caa80695cc9b4c0d18be1619ed41dede743ac8c2d1fa0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b530f6c93e0eac17f7ec04728d17d80

SHA1
31c11f8346c7212a1e22fc4910f4c6713ad862bc

SHA256
491c3e1d05fd887039cc2131ee8b49e00dec159d0def428e34a28cc0b3d6c120

SHA512
24e99e39b20a892b635b173cd15f9591a87749c5acb595316920617d76a7b0c743f16acec8aecdec74c0f560923df63cc2ad9075fcaf745dbcf5eb456adcc0eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fef2e916b14f2c68442f58e727705ef

SHA1
863270998fc47ea87e56429d003830cb9eedcf48

SHA256
2eb5273de78784afaa8ae40d6a303a495def226d3475905607144fc8a8b4c560

SHA512
94fa4aa12428313b47dd32b048ec5a78a8c02c1d31f03f1c614090cef1b1b1ed88a20e244e1d0e877950079a956dad42d7f5ea5567132a1b80e02cb20ec1aa09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88261299f35017bfd9a6bf5dcb201af3

SHA1
8a6e068607f8d91117051b1110307037d179f890

SHA256
76ba8b0b1b9ef37ebe2f34f15582fc16ba00035a647da05c3e047c874a6c0703

SHA512
0d78a8da2a0894d9e9196441bb4eefb4c61401539c0e79c487b7409a4f657a3e3de92d559e81d7e691c29b6921c5ad168d263f0e171f2f065c1d069a43750976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8acdb66fcd5cf307294304293eeb7a7

SHA1
f84304ae55b30537ab13d39bbd7a65dcc465ea30

SHA256
f8d31a1df587505d2e1c0d86f8bb26b365f8e31737971f691a7b19e3196febc2

SHA512
11743ccbd62856f0a9daaff854c5a93ef5997e08d93552be3f75fad69d2296f8645746f621ab2a22a5f555fe8f308a6c6f1bd602ad1ef7ed7e8f45702131a3e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94420b80fc30959327e20bd1c14cc1eb

SHA1
8ddad023b8a5d03178108160c1f68a62c75fa11c

SHA256
4bccd474bc73c6ee7e4b1b87bd0f2b8635e8e9988bb344df8a8f427bf79ffe56

SHA512
368c8318d059e951a3559057653a1f479dd7dce180e2a3572351fcb078fbfc6707d97bec48119221908d1bcc19f2d708601e664584882185258dc57cf695b27d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3000c3763ffcfc364996499c85d393f8

SHA1
60d7a5ee3b5423f783ac35d8fc5da0fb121a27d1

SHA256
8b586c69cee9c50be57bd3d45a23a6b03e8e8b985a36c5ed633ef977a207ce8b

SHA512
2ea095f3caa29ef4d9e96dbc764102d8744b37e09abfa7e436d7ea4a84c79207170f2a7c1c07931e66ed954c1c3637ec28fa63b9d09768f0f3dd28f159e63c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84cada2b75cd7b102c55fac1b83517da

SHA1
eb82570d2a1e2b4f5ab14fad376e6ad6c5009974

SHA256
af0fb7878cbaa2d9d0f304f10f07fa86e8b9fe5808a3f03fa88276af57a90885

SHA512
1306b53b592420ae307dd5ec0724abf437991457a8ec238198cc56ef2101bc3fc0db04ba8d9989cf4481ce53429831471e856badde1a558f1ab4c003b6c6c59e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47fecffe4c5367fbd814750363312b46

SHA1
c7920fd0664d3858fdd5f6e794d5830a5fb0f5ef

SHA256
ac11949e168439836ad21e7e69d31249b19d993ecb32fc5199774335e7d80f22

SHA512
ab5db7b6b851434d8d2f8a496f4d2644b88343f56a48a83e9127fa4b8f33e42a319813d7dd589239562dbe9e55d2ffc2d382e27943102a61b30c385dfe7faaab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8c3aa322af315cc09932e082a1e5fb4c

SHA1
a7a10ee7537e6564c80129005af658e2141bae9a

SHA256
c0d9fd21d40c6e7268e7f21bcddcdc4cac50b168aa4785cddb38d41291b934f2

SHA512
b27f597de001aa0ec0761c0a040619e8028668eec3d610cb89c8e7a1e81e45ca6d68d641c45fb0d6d09093230caf730d3467abc4298e950fa3471bbb8fe5e0de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
2f065f64e7b87e10c932fdbeefcccdc3

SHA1
024cb07faf7451700ad123807e13e1def07ccffc

SHA256
69e96cc8ad191a24c6a51e4f7bb1bfc68073b2c09d528b179840f0d8c9fdeecd

SHA512
6f9eb79e04c8a6be22edf966bee120111fe92c9a7a5f700bfe31f8a58e5408eaede82f9a8bc3d021f57b8c9613bd512a4b8a2bf38d8a4d77833dcdc09e70f2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
7052221832aa3a3820c92d2ac0d3432b

SHA1
b35d28e9245836272710c36b809d567c02042552

SHA256
c6262aa60e2ba0e620f97a7e1ada87cd528a8b14beb15090eda8b608bfa9b349

SHA512
212701d0eebf1f48d2894b6446ba1059542fd1755d2cd795bb200e1432b03b527fa76a40666833412b1522456e59859d961c85ea2b19a7a56309375c05c6da3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
26f846f3083b2e81beedc51b3ef52819

SHA1
c753bee17f7da2761f44057ab25e99a5576aa6af

SHA256
123c96b7b5e24538d355558540b6040553acfb872a3a86ea1f0aea4af1814475

SHA512
71c151c97779880864d7af9de29c5e0847799ad1a31287ffd41979f9524576f6ea7def8c6e452ca2f61d794367ebb407e4dac83bd998f9c0db39315fcfc689fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1e3c3a20055764c4504c96c62411567e

SHA1
7128f8924e55b0a4e7ee7fa60234ade64f85b8d2

SHA256
d9f55816e2d70534a387d8a18c06d0ee1d14c625a51ed3adeecb26a0ba5f9488

SHA512
c5792671470eb58169ca54bf7d0df27a419529d923f522b4489ecf63c0cd6acca42a27561c27dddd4d01b51f59944c56b18b2422e89fd5bae51b32c7bc854817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b63c03cc380cbf77fb71f82b994e7485

SHA1
761be4af5c32ce6e26e685db4e25e26cecd8ed99

SHA256
ae0510263cd1fef9c8134b50166c9a091b6b0603bfc808f3e09db2b63a26cffc

SHA512
4417072d88e49ff34084ffb43565daefdb44c55c4d71d93fb442e411e2866f16dbf2a95521b2a6438906d1ffb501271101531e01feb96023d6fd57f80c119182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
752a0c6ddf0545e0f2f9c5d00daa9152

SHA1
aca9270b08be7c43f0cfbd694545ac2dec7d1a26

SHA256
af6a0475a7bf2f6dab4ecebd11f4e391e61f69204dac3b62f0601b3350cf19dc

SHA512
7f6d8a58824db664f338b833b33073a5420061b7e0b64182612353ff283da92de4f3f20f7d293e2efa37709a1b6e66df3762e33b16e66996597a5ce525783015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ef0f124a3c8d4a0eaab765e659e06a9f

SHA1
485d48c3915d748f8e5732a0987ed34e4f360890

SHA256
e5f288fdf46d9b8ade6763aa6edda2d39153eef7416a5b6ec3f3859a0c5feda7

SHA512
c08b776e86ff22a59f6602ab9dd7a735593339d6dd58ec30cda672f73356689d857948c3141059c4c2a900d0a9b6ff9a33d3194f3932a3ac6840ddedf37a295d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5136cfe22f12b6281f7af566634d06b3

SHA1
b38940a5dbbc5ed3993661581e3b0269995a9a71

SHA256
81fbcf6b38add992d1d849d4850b088d5589cdafb9bb1d497bba7f60ddee3d9c

SHA512
e527bbb6457c8ab87406944113b20f94f18f9f7f360da3aec14ef2b672eda9f1441ef1162993ae97c4c974ee938b9475367b095cf4a860d091843727e988a79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF8D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1099.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2088-3-0x0000000071D4D000-0x0000000071D58000-memory.dmp

Filesize
44KB

Download
memory/2088-2-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2088-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2088-1-0x0000000071D4D000-0x0000000071D58000-memory.dmp

Filesize
44KB

Download