hxxp://update[.]fever-group[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://update.fever-group.com

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
109	1832	chrome.exe
110	1832	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874054145355844"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe
Token: SeShutdownPrivilege	5592	chrome.exe
Token: SeCreatePagefilePrivilege	5592	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe
5592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5592 wrote to memory of 2840	5592	chrome.exe	87
PID 5592 wrote to memory of 2840	5592	chrome.exe	87
PID 5592 wrote to memory of 1832	5592	chrome.exe	88
PID 5592 wrote to memory of 1832	5592	chrome.exe	88
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 5720	5592	chrome.exe	89
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90
PID 5592 wrote to memory of 1432	5592	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://update.fever-group.com
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbfe4cdcf8,0x7ffbfe4cdd04,0x7ffbfe4cdd10
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1472,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2132,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4148,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4164 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5212,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5480,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5580,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5752,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5984,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5872,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4156,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5560,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5440,i,16345746865801066429,1915262189600449078,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2daca536e6e86a010875050481954d63

SHA1
de53a939784a00084abf057ffa55706ff8541e41

SHA256
8f9dfc8693c7ff1099153fe0b6a90d6e278cb8ec543356f85b40c54612e3075b

SHA512
acb8c3fd17624a45bc164cb7009a488bd3a5f019d37df074c8002001c7ffabf37a38163a7af6188eb7df41478d9e33efa7d4c1e2439773167a10d0084ef57662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
db779e1c6a690045fa7f005e6e69ed87

SHA1
665bb1c697f9a83809b4c494096580fdee8ac99d

SHA256
037aaca47df900aa3250d7246722bf7df5a7f241c645d1a3a88aec2626fb2c89

SHA512
3fac058b2a56ba43dceaffa82e09b447dc517621c236bd0d066f47d0ad14b81316f4a76cd43ce77fab3bcc1164c3fb75c68ac2317feaafd85cf8201efd8cb5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1589e29acb702aa93397c4b55d8ac8bc

SHA1
d06b7bf555978d581e00e4f8e0d5a4cb13373e7f

SHA256
e41453e347ab85297cfd47804b1baef93ae58ac9294e6868510f12a67670d7d7

SHA512
c7df42b762a07433dff1315f9e7b49f2acdd1a6f147d24515676078531a8db51e866c665d50fcfd0cd9a3d96217aac93d414e21ae688b2cfac3289d22f67e4df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
37f77ffe8b77f3a9d5cb32295371763d

SHA1
c6bb666f44bbab0feacc02018ec981f2811a8fdb

SHA256
c0c4eab1ebd1d38ae016ebbd0301fae79caf62cdf8beeaf4c0414e293186fe0c

SHA512
82a55078e32df43095b14dfd86120c2a7edb3c845bd1b0d0ffb5ea2399e085ee4580c84f4af6a84d1cc120a4ca8d8d6c723c60a5f71129cf0f87c41d4c1d4b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8814f2be60dfd05657a0079ee02ffb76

SHA1
1f30d2d6cd60c302b96cd0afc96594a266621758

SHA256
8d91397c72c6f7d44ab2a596f558358349bb202055eb50372150317fb8a39a97

SHA512
1a9dc16a82b1826c1003eea158d42f97007b27a8632554822ae7c31efde6bc18c0b9d2c0f9803bb7d75d92e7e1beeb485171b970347d9293041b3f71ca19419b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91bdc0d41c735200ce9a4bad894e5b04

SHA1
fcbf568c86cc5bd96ad551caa3fba246d68030fe

SHA256
afb88c6bbef9730adfc333b76ed2bdd35ed967277393e3185d29c72a982337ea

SHA512
0799695c1c456b5f044541eef2265ac1b69d0d513c50fba38ac35cb9b5124213e600087984b2296da5dc208c1b6ca6b52a4f226b6531fd71a4847fa461c3a48f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
480b9f1fc6b87a3151c715cbd65375f0

SHA1
cf79cb8859b4f1c6559628d2570fa595ed9ad007

SHA256
b95e4fc4c621a05653714177c1a1beeb84ae199b628347be45da703efa19cf3d

SHA512
0241dba3de4e58fff8a71942e68c412a02ca1a97325e5516980848be07051b8d8412ccf6186231c1b89f6a487cc4847d6eeedd5a10f0ba7f07d0cf2bbdd519b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7ec519a414c5d630bb69720feac8e0ff

SHA1
5d32b8f29e0029a4fce9b67bb6fd0f10c9ad20c6

SHA256
ef562875f766a3bc24a1165ca6a97e5c7c5cd709ac1019c4c914b8dacda8f893

SHA512
4a0ad829816523a09ac39db452740f5adc6cb209d59837a4a86c072cf4f034b0417ab457a6feb37aedca3aba57a35d48d78da5fa820c88217476ef830b78240c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3dd9eec7f20d7aaad2b5e3dac0315639

SHA1
8a6c7aece92561d18194251c66fc30330badb322

SHA256
ab346767b72f23b2315861dba9b7122bd197a21efd2e18ce2f2b49b94f938abd

SHA512
f7734f9874116aa07c11fbb16337e896ba835fdb7bb747bffcd82ba9415083a9db3b5b1397337bed6df77f51e46058672cc9b89f61413e13246e0e9c0a8719d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e40dae770d57e93e1af269a00ef684b5

SHA1
f735f5b1d9f1e55572f0e46e3699279ce70d8145

SHA256
89317e4b7e82f707c7c4558ec00d1a8729dc9bac5dfd462dd4f3e1d440e07b1f

SHA512
11eabf80fd6c9c18bb371650da89d2e50a5797e6174565d85b423602bbdef9fef3eb37267204473c07f9ce3ab0846f1447a6c5272cfd36a570fd38bd46ad449b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
328c996b51b6cd31ae0b3302686b612d

SHA1
2830f5d4e26278403aaf6b36de2c4273100265ac

SHA256
d036f2520fe83f5001b255f7008ebb03622edf5d1c4c9a89a786e31a1d321030

SHA512
abae3ccc6a0ff87b5ba8c8b5ab90f8af02ad9419a2d1f4a7259003d76fad600a81b8e953ac08ce93e00d85324041fb3a446fbe97b3b02c0a3863f2e645c31070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
78a9d8e14bd4e38cf7d2726e449d6940

SHA1
14008e8a303a0afa1b99bff3940aea4ca64d2baf

SHA256
e6d867517697ccd952309a1688886790dded7e500604bfce63c0bed4afe20385

SHA512
92414aaf6dc417df36e3ef025a8744e28299a43ee8ec0ee969b840ceaa6890d661a0703e7bb8b3fcbfccd0dc34eefb451670d8f1e558c93e5caa8e1686a65c0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b71b.TMP

Filesize
48B

MD5
cad20ac58e101b82516a8fea6828717c

SHA1
3d66532e563011367ca6e0b48bfe7f00c5d1d22a

SHA256
67d0435cf3084f0f29cd271af365e6f5817a8b2357e88b4f6b1d92a16859b51c

SHA512
7e78f354ace5542a1afae7580312f79bfaca93628b5794acffb95a08560b2c092e56178cab3aca1ffe51717fcdbcac885157f5542cbfec8822e6af00f204d050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
1d319ae18138557c090056c5b43f6c5a

SHA1
308b907c3f61a43a725c877ea2dcdaea871b6a57

SHA256
b0c5a99dac54cfa035a7b1d00b842ff16197fd058a6a5403119be687a8e4e87c

SHA512
fb775bd7b16ac50a27f2ac0f45bc0cc61fe33e49eeae51b44cf190beff03d21fb0e061718e778fc8a374a979b9dc5b2ea61af7c2e69fdafea6874e147aa3336b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
565dd5e79714962e046504f825430213

SHA1
39d6b8eb56db10f73d85f5895398e3a1acbb2525

SHA256
fc18029b11ab3e453c9391109f8ca81388996eb55437b71b864348a64de5ab3f

SHA512
74496f29e195479eee796e5f5677d6349e64cf2fb9358019a3613e16ef6bd38bf2da47a871d5f0bcda91a2268f3a5507fb6e41ffec59d1f0e34a8fc9d6fbf15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
02963826fd6d9c931b54a45e1acefb94

SHA1
90e7a4f4dc9aec3c6109ca08a82a9c3c6eb1facf

SHA256
96b2adec6574461f5da60b7b256e41d3de62165da66ec2476337c1abda646652

SHA512
b7575213fa55523b09a3afd4017e72e63e78cc61e57a2ca10967d7e532c7d3ea4a98cce640a4b6f07abe7b31e225e5ba92d4404b06ab2e9180ac97c675d56b56

Download Submit