f23de8e5bd08585745a703870771fe1027ca40dc4269bdfb8f4468281a1690f5

Analysis

max time kernel
65s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 20:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8flnjugjj8s12p5.html
Size

309KB
MD5

e873ef46b999b19acb213535f37db0d8
SHA1

11ef974cb6e4cb2984dc155c58b091a53f32e23f
SHA256

f23de8e5bd08585745a703870771fe1027ca40dc4269bdfb8f4468281a1690f5
SHA512

f918ba24e4e6b6d7f4716f36f2bf7bcd3954c5ecbfff887f1246e72eb9eff14665877c5dcf60e548081b7d07adf0b561c7ac74f96216998d39aeaeaaf3fa40c8
SSDEEP

3072:hiigAkHnjP/Q6KSEv/ZH/PaW+LN7DxRLlzglKtaJS:9gAkHnjP/QBSEpfPCN7jBtaJS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522419932285335"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe
Token: SeShutdownPrivilege	3932	chrome.exe
Token: SeCreatePagefilePrivilege	3932	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe
3932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4928	3932	chrome.exe	86
PID 3932 wrote to memory of 4928	3932	chrome.exe	86
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 4420	3932	chrome.exe	89
PID 3932 wrote to memory of 1516	3932	chrome.exe	88
PID 3932 wrote to memory of 1516	3932	chrome.exe	88
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90
PID 3932 wrote to memory of 2036	3932	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\8flnjugjj8s12p5.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0db39758,0x7ffa0db39768,0x7ffa0db39778
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:2
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=6120 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=6020 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5676 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5728 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5812 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5068 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4776 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5048 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5456 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3388 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5192 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5240 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6456 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6440 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6416 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6976 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7136 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7248 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7496 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7844 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7824 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7324 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6812 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8132 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7516 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8432 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8596 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8744 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7396 --field-trial-handle=1720,i,12372941957449700719,3126784838818601305,131072 /prefetch:1
  2⤵
  PID:5772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bb2cdf82802bf69b297c9fae3fa48e85

SHA1
f26dbf7984929197238377b2b3e37f974447448d

SHA256
29998264d3f24068d6705e32cb6306f042797a0025aaebda57b3c581a49be0c7

SHA512
00535865805747cb5fe10f4f67872b52e94fd0ce51937f94a7662254027919b13df4af538557116cd4a8002afbeb295c601a79d5e64c8d2d2de9cf377eba1db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\51db2b21-3e57-4fb1-95af-3298db68966f.tmp

Filesize
6KB

MD5
1985378247e32dea903eb10f681ea958

SHA1
c87848759bc0b98340f990239e8168d0c1dbc36e

SHA256
d18bdcf748112a660da7f8219958a77b1db7cfd75bca6abccbfb21da922c267b

SHA512
a7219741a56ae9714757ea165d4c039d56ff0174fcafa9e64ec5f933e95778efa27138d12e9b706003cb4e5f399f47d1c17529222a67ffa3da95edd84c14339d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
17KB

MD5
043646af547f1b091c4e6fb82d01916b

SHA1
7620b820f705321ee142ef0b73bea7b2ddd99044

SHA256
fb7507e3aeec8ac35655334274c1697c7f27d6cda529ac898b430df729014d42

SHA512
02d6877e75e058c80f4dc4ec59320946dcc4a4aa1c519e7a7d6970058fdf69b262b8f5181b1b5aebb4e1833926fbd6b0a9f36306735f6f183367e631be7dc7a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f8a6c72983384bec708dcafa041b1510

SHA1
3d808bf4ad4607aa27db3ae7bb0da6240aafcd07

SHA256
35aa94b7d8203abedb67b0caef1b132728de6996cdddd486c1b88b855b311f38

SHA512
221552120a9b8c9a305ab8d6586078683195061cbd2e27a33eb62b1f7fdd1240ebf2b09617bfb64c4435cb4ebaa6bffde7c28d15a1bcd1de6b794c4289e22dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
18ef849b0ee374fc4eb6373bdb9479d2

SHA1
088ec16d0864975227ee1b98a4a7fed48c7adafc

SHA256
b49e3fe8b9c0673b5fdaf66f6fb2e21045695eb2ca96602b6604e00a12de4e79

SHA512
3bd4ff5a82a044cb117417efe1819016b03274392d09673f3627cc04c2d6e557248d0686fe43159077b8c96c0ad6e6682bdd22b83c5577072bcd28caf20ef03d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0c0f6035ded98786da9fd9ac2940ca27

SHA1
2770c78a55dec41a3101a58999a7f0909f2bf968

SHA256
bd01d3782061015d262275cd8af9922de44aa8283c8599f2d7c73f0669091dcc

SHA512
e230c7e643db970d38da27070510814c6f8389f3b5dfca8c8aff209f44d687a5cdfe0f7807b73488476792fe8ab98827c7e920243ef9920977657c5fdc2b423c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
462f042c6a2d0421de2951351d75bb42

SHA1
c69d022a6f61a0df19676f8608146c4d5279e31f

SHA256
6b009618c0be538f0fb1f688f2faf01841d2c18a22022d1fbaa94e345ae19272

SHA512
e84c04a8a52d8c1a3933b9b19dd8df037edb760b90ccd1b5c33c423e9e466347015b130c2fc7dccb4675a8a7274aaefced68d2f6aafbaf2378151e650d007ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
af9b7235caf115403d4a0f0e56acd45c

SHA1
24fd3252e345458070ca12b970cdd1b8cddb6daf

SHA256
7e715a9815b84d9407a448da6ad77843b6e5772bda259ebc98b5e9938ceca786

SHA512
fcf2f76ab41428c0914f5f29a42c0f9642516c6ef58c81e359dbf57d1e7b3a80e34d547cbba5aeaa3999fa1748a9dbf174818086f98fef332792e854c7c395f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bb5b345ee5c871147adfc854e64c06a2

SHA1
2f461bcbf2ce39710270f9aa743a95e1fb4e693a

SHA256
04ce425f88eb6f85a4ab966fcfa389e8b07f51de3636d59ef8fd42a8574ba621

SHA512
a7fb79134a53e63efd3063013e33b46cb00a036181a95a0bc5c6cbaaeecc0b2ab3ca0d5684565b8ed38b8e477977b4a278572a79cdc819d870eb8b9466c0fa35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ef03368427dcff3ad63c5ecc4ee7cb23

SHA1
8ca0fd708eaf62c7bcc9a2ab34bcfe3e7f340e5c

SHA256
e20a62e42aee36295077db7f431963ab5ea1c06d0ee9f3b2ac17cfd26b79f25c

SHA512
2e405b9143e48d844b36dab048eec80b90320bd2c585b0a5c94fdb65c16545a674949710d23cc157e82e7b28760af02bc5dc3adc51c877795dfbcf525c9e7049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
cd8fec4b3c939e4b115e2b7ff779a286

SHA1
d0e3742b5a3214ca01eb41dc5e95b27cef473817

SHA256
70b382f7638f5f9be56b9b27d3995376fd28af4ba89f4690d2edaec2fe82bd31

SHA512
08957a9dfa2021a9838f0435a86f7dbac411e2e66ab3e1316341d09144975e71dde7af5c28d3bfec974a4096894538069ac400ca484e68ef14d3a95f72b0241f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
df0057e6ab1ed5e4c8425a9b43d0edd5

SHA1
bd0c57e1ac714751e72bdb7bf82c2682997e43f0

SHA256
553ea731bd48152f8fc04b871e04b06d273abd8791b8e4c4ef8ce2633c82f130

SHA512
9d7d965cbaea859d37043af70022591c0f53bd8dbec94fa8e9d1995874b8c78dec82ef52687f6c7ce840908d431cfbe788dd91c689468ec045ab730d5331973a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit