hxxps://3526261728[.]app[.]box[.]com/embed/s/92vo0wna4t5u3mf3crz9p7ft932hcywo?sortColumn=date

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240312-en
resource tags

arch:x64arch:x86image:win10v2004-20240312-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 12:29

Anybody with a magic link can access the report. Please be aware of this when sharing.

General

Target

https://3526261728.app.box.com/embed/s/92vo0wna4t5u3mf3crz9p7ft932hcywo?sortColumn=date

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559298116559585"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
5012 chrome.exe
5012 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
3088 chrome.exe
3088 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3088 wrote to memory of 2956	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2956	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1776	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1168	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 1168	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe
PID 3088 wrote to memory of 2244	3088	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://3526261728.app.box.com/embed/s/92vo0wna4t5u3mf3crz9p7ft932hcywo?sortColumn=date
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbfbb59758,0x7ffbfbb59768,0x7ffbfbb59778
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:2
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4940 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5704 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5788 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5696 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6004 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5256 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6140 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4652 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:1
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=2000,i,16984564950808659707,15675976654744069892,131072 /prefetch:8
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor Not available for Magic Link users

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3d17c0ef-bbca-4857-84da-84de5b95720d.tmp

Filesize
5KB

MD5
a98429a3192b53a9570317df8382fe86

SHA1
83d8e05130a0c4f1b852b305c43a14444d5833a0

SHA256
eebc18e003c4649dcecb13efe47980b853e4ce6e4bdaae35b45ac97257c55045

SHA512
8b521a74c7a64dd482563e8d9ab586b172c16a6d907c2bbed9d8a761dbf00077ddfaa7a86e4ee28cc9502262f3fbc9439b9d8dcc002034347ed67f3bc41e7116
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
197KB

MD5
5e28e72b443ded036a4cf369d0dda3bf

SHA1
0500de4480a54243b12d096745c6ba04c9479e66

SHA256
15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

SHA512
7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c722b085414709eeae69080602f81d6e

SHA1
d7645999290c3d60b5b350273efc1def31ef7ead

SHA256
fce0719c359881e2474bdb4dd08b18d8c84a7e0f8b38ea4140dfebc5b5d42f96

SHA512
f06c5c6bf5cc387fc3443a2e2ec467922d65361c6625d41134652fafc3d8e1d009f1811aba82722d940e18929ead082ddbbed3ba2812e8366905ea10485c0f76
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\04ac1559-4560-4c2a-bf0d-5bd612465bf1.tmp

Filesize
2KB

MD5
811b78095c03aacfa2211c5d27aaa204

SHA1
ac0df7ca921043aed310c18e8098c42f3104e040

SHA256
1394ad3aa51b3662e518f8967d2e6934bc106769093498cc044f57dee8903442

SHA512
b0d1cd7fb757a5bab761e7141f79c190f8151bae987b44f86f947727f631f66608ebeb0b0385bddef500485bce7ba234377cdfce6c7c0f0ce399547ecbffea28
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9aef4d772e6f6aa7974ac18e4a279b0

SHA1
2c974ce19ca0792d5785f84449f7662655d6c8b3

SHA256
412195839c2289a9d0b26fa66e499879d5c566e76a2d6b2e3ef6ea1729108d2b

SHA512
5cd8ff0eb0fa0d8cf923fed2ebd118116ac401a51cd68e479546597901a8e3cfcfd5f04ab29be9a4eca9a3d7be1e0ee0dab6ac4736e127484f24dc8fd9b2a103
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f123a0681dfce14a35f867b4157ecc1

SHA1
4226ff283c40349461cb30be86cf5c11e3181ce8

SHA256
cb9f29273944dfe1507e4740611ffc05cdb5994a34b82829b79a23e2a6617e30

SHA512
c538a941fa47866635a6fe54b6834e0877d0b48ed2534077ac8338e1060dd8d977ac2e8055db1cadbb00d15b83996bacba3fa64e14a68ddb5193e42e61299292
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26a99c19f11c8a4b74114d645ac66445

SHA1
2701067a7937e18708efe468e34a3ba2572f7b08

SHA256
1872bd4d55a2b3cbb42b5119f8ac7a1e790b0871e1ab48352186dd4f66a09d0f

SHA512
589426c575d5578bf934d86cbc95bfeb5df1857db58d5a3d13f02b83ae0af9587f6a0540dd57abf059f9f9aa6dd035857be49c2ff8b397c505bd6fa405e356bc
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a1f02a3ec9c5db19b7c129691d7a777

SHA1
c1f59580aa2944473cc08474a380fbc0f2def743

SHA256
029d18669766a9f061c9acacf0491384f4b80c7ed47d134280c73d108d48210e

SHA512
fbf210276f317810bc65407b0668f5a813bfe94305af83cb007da13eb56a9d371685134cad35f66900cb663254e28db9668e4e2c9ccf6c77af249b0166cfea64
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10623b921295309f1afebdb2317fa00e

SHA1
bdff2117c085994983aec55e630ce86fc3043e7f

SHA256
dce05afb6d3337116f16c7d1f87d9eef7558251dfb44be0e183505f6919d4372

SHA512
3bb1fc2d29905ede0442e83b0b2e03e7804892b4e595e21e2666aa7546a623317f3d09628d34156fb725254b73aa85c34d561dab86119cff37c70b5c2f9f4839
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a0b85b87558ad1e8158dcab41c4e87a8

SHA1
61c2fd3b7c529d9aab50c73b14511407a4db3f52

SHA256
0cd327de473125e678da266d100549c844b7bb1ec4da71340f41a6e5614dbba1

SHA512
f9e4e9b772742be4a8a329c5fd75e532d6d00ea9dd5529923392b0012a7a12878146316a7d121e4638dbf6b93d3758990d289d660e9643994967fc131f6acfad
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0bebf987245aa3a41e543c74c976410

SHA1
8e64bc146cfdb691d289f14396afe740763deea4

SHA256
df4f718ba5484be347f239135417465b16674333c48f0953b0bb2d1b4833c009

SHA512
d419fdbf035bc7eb711ee0b9594767fcbe1640aa9d7ad5ef154839ae48c7c11d0d937ae1b5f0006cd550e14428a96a7d4abcff2c90944cbeef318f03d55a4731
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b446eb02cbd6e132c7de24202eb62800

SHA1
c9fb1bbcc93db1d5a0f34f2674d2282238d7e075

SHA256
c1e9c363889c62d76e2b4380b7db9587ddfedfefd7c6ed483654bdbc599dfe0d

SHA512
2c97fa434d4bd6feb9ba7aff98921ae74b94cde440af80c79fd9266fda8359a3fc44fbb491846a2fcace05cff5acf175644ff22e5b1ca312f76ff3caf261c6f8
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ef5a81bca40f19477825971566d50184

SHA1
7f763056302e3d5632035ba472f242566667bf65

SHA256
b4472a68121b8c7d2b06cc847472670ddaf6d790602c1049304b76228d414ac6

SHA512
dc40d89e3b01f06acfdc79985bc5107e2e026a9c89ed70433a4a07b05219988dd4afbf5e2327c1da0e42d788d75825a1992e6b43b56cca7855d6077e3419e565
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
db4299b22c0df0e50f28d8fdd4ee6882

SHA1
d3a983098019fafd4b35e1870062eebb168876da

SHA256
48aaf8ab185796ca623588929da81ac067b7ebbab686f0890829740789629fe6

SHA512
e6a618eb3c56f286a8a17c2f0d53430180e860253fd681035470b4896f8bb695c7fe51f408b9c23bc4beb84a5f27ff7562315bba994b077c781c1674b32df693
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
6493dc5c4df0ffb5c0e9ff6cbfcf2cad

SHA1
e7eb6603f19abae00a4a822e0b43034c92c68611

SHA256
58a02688ddd92725322dc7d44ccd5009414719337ec30f53a9eff30d3b9a1dc5

SHA512
c67075b649e4f5c7f8d6b299391896884e30137e9e884461bc47c37262fd703b575dc0891dec34386c8d7648226d4abe491d07bff8953c7adf5828154b6b8ffe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
283KB

MD5
927ee17272a4ee35d129238124928ca7

SHA1
c2d42d4a1b077aa990f39d7dc7c98ff7cfe37643

SHA256
2d07932ad05261ef2265252b43b10a5e615c49256446ff47b7a543caef89a475

SHA512
ee9acf07d99d13dd9dfe541c89cb49d28b67733fa24e5c492695a18b4cb976d18b43a45548cce8256d8de649f4b5fa89a4ea279601bd5a3d456e569de13813b9
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
1807d80d3978103cd0ccb37ba3314d16

SHA1
5ceeceb00ab83eb96c2b1d9cc26e33ed3b6630b8

SHA256
ee4d233c216d2cb96736fffc51be4b7ebd89d87ffc2fc00cb6928e0a43490d6c

SHA512
51f261bfaca71df6aceb48be277559f27e46cb58781407e2c866ed30c81f9d20f767bae51e5af9739fd18a79fde6b1885b621c7097b24e12073d4e18efca610e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
4fbd94cf684a5c614ace614cd39dec98

SHA1
f92660400780549f8ca1babae5b5e224378600f3

SHA256
239efdf79dc77b2a04a1d18925aae0962cc5af6e65f244d0b54fbdae80065092

SHA512
fb35d6ffe8f347389bbf3676200b1b5159ea557212e6a9722971ad7af21b93917103c0ac15f8f8a491a36460a530766c3cd0796e4b57f38067424cec8ddc080f
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
4ff20574564f2c1e4b7677e109c5f4f4

SHA1
5fda896259d4772c50987c24ba2c0fc797e3eb30

SHA256
5600aa51d6864eb109ce610ae4bbecc3bd1f5e4b01d4d894baa8ef8de6d4cc9e

SHA512
e74bf3cf1d32f2dede6e914df0d2d30889b8cebadb0193f39343426156db1470e8c226bcc3c9cf14a7d05979d8aceec20f909b09fc9a3e61df61944258b52e6e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
1f407c0d29cfcae7a864ce4b7c148c3e

SHA1
c6688cb31216ce33e0fb35878674b8d9d511f3f5

SHA256
38c7703675648850f2eda7d80349e46f93ee68465786464e4f83bff4970f08bd

SHA512
46af7c0cc561ada977c970082c2026b507b5f7900576819528566c62ca1722da1358bd172fa0ce137b0fefe8173e22d51de8c6f6a984783d511254ee48783105
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ba2e.TMP

Filesize
101KB

MD5
00d269246c03fb8d8d3074a12bcaf010

SHA1
f992d2bc3c752524c02790870ef84b844a98ee1c

SHA256
f32276bba213d36e93eafc55e2d37d721d40861c2fb313330a2dbc1b18d9e637

SHA512
1ae25edf7b1c4c3684ba1f09ca0d3953fc33e851d9f6596d32800c06e68b0da5d300488dce84157a45ffc9c64578e48b51f757e5f5aec2e5e535a406975def66
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
\??\pipe\crashpad_3088_IWJFVLWJXYMUBABN

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e