5551635d23a74325974b3fb2f60bb4f6a3a4be154ac2fe6ce7a9578c05f2a059

Resubmissions

28-06-2024 19:58

240628-ypy4ystcql 6

28-06-2024 12:45

240628-pzjmkszerb 6

28-06-2024 06:35

240628-hckg2awblc 6

28-06-2024 06:35

240628-hcfh3sycmm 6

Analysis

max time kernel
1199s
max time network
1168s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
28-06-2024 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19229f2bf1cde52ce17523902381afbc_JaffaCakes118.dll
Size

2.3MB
MD5

19229f2bf1cde52ce17523902381afbc
SHA1

ba61d9ddfdefa1e8bb7409e2ea5dfb901cb82521
SHA256

5551635d23a74325974b3fb2f60bb4f6a3a4be154ac2fe6ce7a9578c05f2a059
SHA512

a9fbd234737bbbdbb0e2aa97e7877725cebd255d74abd29ec3c57ce0cbc0aa166ce230b67ef0c70b95809ccdd78b762a1d009cf0296753987698d9e509a263e6
SSDEEP

49152:ht94hFwJ5SK3AGMhJt2bKc4wYRhp26hbKD0QbtoyRt7aF:TqhmvSK3TMhJOKyYRe0QJo4uF

Score

6^/10

adware stealer

Malware Config

Signatures

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\NoExplorer = "1"	regsvr32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640783149744988"	chrome.exe

Modifies registry class 5 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ = "Antivirus Plus BHO"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\InProcServer32\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4532 chrome.exe
4532 chrome.exe
3400 chrome.exe
3400 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid process

4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe
4532 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

regsvr32.exechrome.exe

description	pid	process	target process
PID 240 wrote to memory of 1816	240	regsvr32.exe	regsvr32.exe
PID 240 wrote to memory of 1816	240	regsvr32.exe	regsvr32.exe
PID 240 wrote to memory of 1816	240	regsvr32.exe	regsvr32.exe
PID 4532 wrote to memory of 764	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 764	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 4820	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2536	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2536	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe
PID 4532 wrote to memory of 2100	4532	chrome.exe	chrome.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\19229f2bf1cde52ce17523902381afbc_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:240

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\19229f2bf1cde52ce17523902381afbc_JaffaCakes118.dll
2⤵
- Installs/modifies Browser Helper Object
- Modifies registry class
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95a45ab58,0x7ff95a45ab68,0x7ff95a45ab78
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:2
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:1
2⤵
PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:1
2⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4236 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:8
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4980 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:1
2⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4684 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1796,i,18411840675416944008,11728138620582313232,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3400

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4748

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
a6a0e9ec4e34fe8d03a912bbe6e26db3

SHA1
82bd6d19dfc558e11844d2b3b27580cf6ee5ce41

SHA256
2db34b20c8b4e978a6c08df0d099170f96e141ea3a4658fdc373aa2f86f4ac74

SHA512
8002054652ab934dba2befaa07c0f69a13331940b2e8c1b70c9b9ba0802c09d360eb9f5d55f26b70189211fdb929cb6c92681b17d5fdcef74b5973499fc4c410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
5b7cc6977afd262e9f17ea8118ef3188

SHA1
917fd6bb56c286a7464ae3cea0292c7253b25301

SHA256
a59534dea4a27a0e1d6107a3a66f024768ee8a0b90c103b822f74a5acc9cb6cd

SHA512
4f840753d9879dcf404cf54bbd2a3b2a556ec041ef59dca0ff0f06f55197c5e0550c20b5f4a4aa9ef805f72e019c0568fd6b112dd36235d4e93042000839d1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a239a25edd9d076c47c398e8ba3bbc14

SHA1
998629445ed268a4419f57da0232283decef8af3

SHA256
75021568edffd675da0643cfbe0553292a7351323e8f8d8a109441f3f7b5fd1a

SHA512
20fa8d44028c0e6e40867d75860184c561c59aaf35098412e10bcfd1efad881a2315d833e672ca52db95fd2e8c84cc3e4d1782bfa92215fff387888ed29cc0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5f33d6a41fe0e2b82d62962b25c60053

SHA1
04ce1471bbd94d2f48e5535d370b768644fbd270

SHA256
c196805ffa14edec435465c07680c39b275068a9499153c05cccc96bd0c68362

SHA512
589dce4c0b950cce5b54748630a8c00ea2ab852454fd943a66983c8590fab5e544973ae820cd6a30de90a348cd9bd116d63b34c482d85f301bf60481e5d6a153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
be0f6277ed30eb1ea83d74eaab0f0462

SHA1
422d8cbaf4197b6880673607d55e8829daafe136

SHA256
ed5feaccdc687e9e52838b155dc3324b6441a6a1b2e1332e33d60adfc84db33f

SHA512
69dfffa8f993d76943d89a764a403853e8c177d764a0471bfcfa954a2616f7bfc4017e436774909ecaad7d2c1820fa2545c498dcfcd6ef06bcc4364b0cd2c627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
ae394af4414c546b1c0d2f5777540003

SHA1
e314ebc6a62a33a1cc86698b9c68f1a3e952712a

SHA256
7ecc13f7d11acc0735f21ce3a48f9efa226a8300461b6ee423455fe406b1b20e

SHA512
f1ed2ab70dc40ffde0094f8a8a003472887dd79a6c4de11478a4d38252a71afad25567025ecf85a756f6b8532696f931108495d10a87f8a3cbd6734f2e1ac327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
24466091f67990cffb60bfea1247fc94

SHA1
a6bfc1575bb9023439c9dfd84190be62478c3dff

SHA256
6a49db487da7725c64ac90624f75e40f9f9428eed601e7507eaf603577e0c44a

SHA512
c9872a0c6cc3f41b6d6c2fe013bb8fd811767a542ddd0260905cef76fd7e4390471d6d5775a5f1f23fb0e3621689c5a2b61759b5f972fc306aa3fa8351935de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9d9aff0a179288a31bd8fffab0ebc7c5

SHA1
0f073f21fba266c7f3b4dfb4c03b6bb359882403

SHA256
4e247d698cda378e6875e0ba9843df9c43b882eb473994ca43bf7e26022adabd

SHA512
4c859993111f08388892db8ef00d3a497553d0029489d9fce941b8936d6096c9bc1a247e07ce5814f6f4fa4f29626bb00a1bc3b4ab73371def77ee3d0042850f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c266ac692f0a5fb4146d5b11a1d0ccfb

SHA1
80a70e55e6413b60faee59ebe55c0e62f29bb30b

SHA256
4b85883277edcad123bab8cdf42b396bbf21d0aba251b29a5c0724787250123a

SHA512
8421f1085081b042dc5877c46a81ab7a1c6408ef47bc8ed0ecdf75d23047093d42594976c3317539b68f199cba8349652c200ba096fd3c17a069771e8c43293a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
d814895a15fc4eb3573e457acf752e09

SHA1
ff32389daacb714aea45483da0298f21997bb6a5

SHA256
05afb22dcb938dceb0693fe852ab7ff3c09ffa00e0892086f29963bd351de30c

SHA512
f81e26fec50fb0d7b4ed64eb815aebf912757b6f694520389142fe4c700873bf96073a623610d9e6c39f4c85d879da22c1ec5355bbce9ff0f10d17e80227dbf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
6b71a7a34b172a81807d06b45d5b74da

SHA1
03b4b3bff9bb3e11649f19a114dfdee2320ffd19

SHA256
40277a3425cc1c6007bc2c972b9ca3b6a192c897525fb7d09c9d06450a8a170b

SHA512
63a8cf0291c8cf16bb7443f7c63d4a1521cb5b2211b845454220eb9e4606a71ea2fa0769da0d0992c4abe9499c69817152cd7cb4137e3e55ee2cae578d0bde43

Download Submit
\??\pipe\crashpad_4532_GGYKWPIXVFRJBDZT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1816-0-0x0000000000CB0000-0x0000000000CC2000-memory.dmp

Filesize
72KB

Download
memory/1816-5-0x0000000002820000-0x0000000002A62000-memory.dmp

Filesize
2.3MB

Download