hxxps://shrt[.]asia/XkRPf5Iv

Analysis

max time kernel
100s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shrt.asia/XkRPf5Iv

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878276762355223"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe
Token: SeShutdownPrivilege	3904	chrome.exe
Token: SeCreatePagefilePrivilege	3904	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 1792	3904	chrome.exe	87
PID 3904 wrote to memory of 1792	3904	chrome.exe	87
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1676	3904	chrome.exe	88
PID 3904 wrote to memory of 1976	3904	chrome.exe	89
PID 3904 wrote to memory of 1976	3904	chrome.exe	89
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90
PID 3904 wrote to memory of 5064	3904	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://shrt.asia/XkRPf5Iv
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe4c82dcf8,0x7ffe4c82dd04,0x7ffe4c82dd10
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1940,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1540,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4440 /prefetch:2
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5196,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5112,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3432,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5672,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5880,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5620,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6004,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5816,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4444,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5872,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6196,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6216,i,17766218778327932252,15638540395687788075,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3572

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2076

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f3d51816b8e7c48c341e2bf7bf7e7f5a

SHA1
3442e11c01950d9b350417a57689959b05781f01

SHA256
e91a101490f9e8e59bf370aa77e1d9fb3f0e6537919b871074de5aeba3b5dc74

SHA512
a5e9c5f0e8b311aae1adbf2a999b9c82e6b28ad6cafcf60eea6dd9436ab9a26fc0d700fed300a056e88e98772b14d08545c03fe7aa062c61ebf97e0f1596c043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
642d47e8f2d1f771f64e774b46bc1fc3

SHA1
4fc66da51b43709d2d545474ba2bdad09535d572

SHA256
69c0dc096a2edda97b68ac7d174f107c95160be47a406d7a0376a4c86964a568

SHA512
fc4711da37bf33b2f4d80f2f31c3dd29fa28e000bd1ee0125a6f40c0548016ec44f9a101574624ba04772b5f16df6bac63ba0dcfb6514a3d83857bf100e9c338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
62501986f948b8fb972e69827d4ecf50

SHA1
0c9b9ca2745f770d3f683f4c672ff1d7e3142d6b

SHA256
930008840d86ea2073d6b137f41da24a01b2efee378db5bced8359a2c856ead2

SHA512
1bbc2bd619e89d580ace1f2109cc8f0b225587dae61c6ed2b8217a6023d1f7a76cf127cbb519aa19f5c2fa77bf8c80970376082e2c906f499be8bc54538984e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f9fcc2ecb11d60029ceb13eecae70c7b

SHA1
3811de8a9bd5a8e917f8bad27eb75cf4bc63ed79

SHA256
82d4ec43175500c0110d0b7ea66776613d67d7dad835e7a4452a40600ed296b9

SHA512
bb9537eba60be63aa0892c11b8445ba5e38304e7042f952754266beb2c4771bb994d752784a77a5f9674fefc9abb7f2f3495d743488754adf990e6e74e8a5567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
47e7e19748b884a113b8cee68430e156

SHA1
cc73df7fa3af3b7253ce3cc68243807b7ffbfb95

SHA256
a75ac450a202389bd4d317b729dd612183a65a56156d2dcf4af4286855fc3a87

SHA512
6fc812c18206676a53f999c993d0a3e1d8290aec2939299d93c83b0e112a14e27475df6b93e828abd6bb7b39322ea870e64cfcd6b712a9835231d9af38d95778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ebb36219fe019dce2db469650364209

SHA1
74682cc6242b0735e55b9fbdf7c61c54427740ce

SHA256
d485fc5b4662e4bc570ea737f9f84590e3637761700312cd613ea649c26f2027

SHA512
1fe1633afeb5bf59d24cf2a43e319da508cace0ab1a4e36d3af4181e47f12fb6c4bfa126ef2d372025bc89c7605d1f46ff5cca4af15269730621865ad4c9c875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
d836aa57887739967f0a971a8f25b474

SHA1
2bf95a4333f364145ff28ae73cddbf0e0a7ceaec

SHA256
fe4f7248fa2b6206bfa51aa81164a961a5a13d0b439a7f2d3aae4f7b6f108d7f

SHA512
792b68a7cdf7660d9c43d5bd72c7e37658faedd3ae82f873e33a642c0d900aa9a16ae15ccc9ea13adad282f02283c438a4f691b5ef298ecbf112ba8f4880a4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
551bc1ff735768232613b8bcc8036d61

SHA1
8fee79fd77e866cce53ca9275d414b8280a7afa2

SHA256
0015f9d485913e5a0216dc05a7688e2ac7765dd2e35d546e3469dcd5444df1f2

SHA512
425040a9c145ea9fb47933bfd12939ef245d6be2f3b0fc3d6ba5ffaa8b008202303e1dd288fdf6029451e623e0d6783a586b7e18f341fbed2c5e6c3ecf82ec4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
126fe8687e45a272906b58f94887af07

SHA1
40f68a08ae47a18767edd3fe5c66404f2a9535bd

SHA256
d14776b5109902115d5ada8a347e4f9dd2c241f0685ef11632a91d12d129b422

SHA512
b43437d7dc058cac47e7a0c1139e7bcb417429fe8588620909666f18503c43c976cef96895d4f2d2fb53b7ab96f3c48f8748ae5db85cf8a426b3eabbb04f0416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57da24.TMP

Filesize
48B

MD5
50163c8140a35451106f7721cd0d77b8

SHA1
cda5f36c3f2dd0e067d24cfe786b4550708aaf1c

SHA256
7c0e5ce5a738c25c0053a088ae74e8c7d2eb695e89e169e61a6d2d9157b219c2

SHA512
7e3157a8daf9eec6da5497a763ea8df600d933c1f46b5e5631c3f49763df6a4f8e3a81c44e51db77b4c0b4eb8441c488931ea66ce4ad7e83f8593c825e2f9447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c27f8918b8271fb8b412871b450231c7

SHA1
26fc0af2be69021a6ed18ef2f0a74b0c80e34be8

SHA256
879d4d63d086b50457c8aff0ca8bfb95ee9334412137267f82a36c03f0f5f1cc

SHA512
2afa8a912aae61b6c7328d95129357747f780de318b0af8f7b7e5fa157177739bbb360cc4ca1c14e12f09c7043b8c9aa7d7e9b0139ac7dda795be0a713d85773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
8977a963653bcaa6fb38a7926aa4687e

SHA1
f9c1ed99f4cbd5290ea9d16e67ff1817c31f3a1b

SHA256
ccc76b537bb07223ba09e569323daa0ab243c18072c0195e89cdb33fa2d358ef

SHA512
d0bd509771b56d3276c8f93e322e923381d20e8deab7dd94c14fc7d688eda43ab0dd55bd17ca0106ffff9b01ff612958872d28017da6f358741d42f1779099dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
48f522c3d7c54aed259d71458728bc02

SHA1
75d1fba0fe56014aa86a78411348c37a297a3678

SHA256
80b697b301f4d7da7a6b5b23adfa8842704b5108aabca8a9ec2a1cc8ce6c0ba4

SHA512
d38a5ff72acc0f63b168f7f94608422d2b659662808bc3f03062ffacaca20e7cb779a60d8ed8da3f2d29edd7a4a2987dea29ba80d85b43264273d3332bdbf936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4ba462b892cc154dddc303cd280fcb7d

SHA1
3686ff52996a403203a5100c9da7e39245552bf7

SHA256
13878a19ea55d1306c710c4ba19d89f4ac82ab76dd5fa91626777a26b2e4c3cc

SHA512
75d704b55d78789c600eab62bd746d08861594c751c6f62f61128c1006166537ba20e3572a89f8cf36eb41eb989e106962d93439b1f1577c8a86a5c327f19303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e0ca2135367b0bd64a15395219d8de6e

SHA1
b08da368a9cb97702bf0f96d2b0c328d50d6351e

SHA256
94ef158816fc3339f5345e7f8599e91a907d14e35e50c3c5c29293206e5dfe07

SHA512
2c84a869984cacf5dec0e02f29c3423dfc638b031cbb935b91632f3c7652a6e32ff0b0626256a079f4a0c577a46d3391a80037174707675d988fbe739139c5d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit