hxxps://dl[.]dropboxusercontent[.]com/scl/fi/aemjdq0ejt5gz34awvr8y/Tax_docs_2023[.]pdf[.]zip?rlkey=ny4lzf0xd5j7evt5a8ljii7hi&dl=0

Analysis

max time kernel
210s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dl.dropboxusercontent.com/scl/fi/aemjdq0ejt5gz34awvr8y/Tax_docs_2023.pdf.zip?rlkey=ny4lzf0xd5j7evt5a8ljii7hi&dl=0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571652426629081"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe
Token: SeShutdownPrivilege	2572	chrome.exe
Token: SeCreatePagefilePrivilege	2572	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe
2572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 1948	2572	chrome.exe	85
PID 2572 wrote to memory of 1948	2572	chrome.exe	85
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 3124	2572	chrome.exe	87
PID 2572 wrote to memory of 4496	2572	chrome.exe	88
PID 2572 wrote to memory of 4496	2572	chrome.exe	88
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89
PID 2572 wrote to memory of 4960	2572	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dl.dropboxusercontent.com/scl/fi/aemjdq0ejt5gz34awvr8y/Tax_docs_2023.pdf.zip?rlkey=ny4lzf0xd5j7evt5a8ljii7hi&dl=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9af7e9758,0x7ff9af7e9768,0x7ff9af7e9778
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:2
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=968 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5364 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5652 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5792 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5508 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6028 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6052 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3076 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6004 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6048 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2988 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6008 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6044 --field-trial-handle=1876,i,14651518002746929934,17938469587911189856,131072 /prefetch:1
  2⤵
  PID:3232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
761B

MD5
3eb428d27b458c1e665ee8e5c4ffa9a5

SHA1
cdbe926ae8335319da1f2edac7eb20af9bac56fb

SHA256
09f14748abaeb362ae7796f5f7aab77dba01a275a13c544be5493db108a5f272

SHA512
4daa68a0bdb3a42a60a9ad08f6a816eb58ef45c7f7e4056dde1513ece66699a9982e8fc6025aa0c9f36214542bb416260e57e28198957de5b4f5310558f8e16f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6c95c6a3bd32eb5f43c39bc5e5e08ca2

SHA1
9bd3c595a3e01915c0631cb01b879ad5c8211c34

SHA256
d428a2fe29ecc32b8897a151fb1de929054757a06b778e83473fd4ccfd0f0ba7

SHA512
36dfd0908d8921c5b4b30736f0b9d1c42bd8390faa2ad012144aa88a50ae1aeb15b07276b7485aeda7cca9d653a21e21515b2ba027a6f3dfeebad5d0428685c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
15de12eb6b8ceb05b5dd681b4002d15e

SHA1
4988473ef66fd0feeda66b2fad7ed29525a5ec56

SHA256
7fa3a2fcc48469e03c44a14ec154d0ea76c673500d2a03a0ed1dea087611bcf3

SHA512
61fb861401cfe0f945ff19314cba827f5d98a0319cc441dfe42428bcb29c1e6db310cd509fb2f4c65e09fd70dc2437fc842f1ddbd38f60eebcb707e6e57a40cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5961a433ad9966c76b7577da2bed03fa

SHA1
ce3fe08c236d905cb0769c5d3c441df9fba39d0a

SHA256
8c25f90819d7d60ffa344578bd2ee904b9dbc9f68383e34d1c51a4d82c741efd

SHA512
0b44bac64d30de6150cb3bcf0dc285661e10fae3165dd75c32a34c0e68c6082fcbc5b4872db18000fb14df83a96b5950b9bb3f3c004bd0d757d04ea4c714b4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
532B

MD5
6d3eed493d47503326e03a7e2a6fa605

SHA1
bb59df7aeecec447e6156f498ce1b4eb194640a4

SHA256
c6af12f3d54a76da3215a93e5b5ca8f715e08045da76089b94efdde63bac7a88

SHA512
545a7496f9e3f7ebad42a342a5fe4e047da022e77d3f44c6845ec7d26b330d9c594a69449577137e4d4f66cb34e75970a976a112149d1509431bb71205872d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1de0240abf965e977d668b9b3dc3b786

SHA1
b8f50f167c6f87bfea2515dcbb452819c84309b7

SHA256
7a4728d7df6bc0ee5577b64a80ef80a6b2bc1d48684791d30776a93ddc5c203e

SHA512
ce86596cbc49423ec184608f62d7cbe9295e13f594bb5e4de1ffb3758a2b7cd46e667e6c7b99b6ba9bd01d17fd5341d3b53a44ce4dc2f79ff8455fb3949fee64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e3bb3ec5d12810c89b32a2968fe21f3

SHA1
589482b70a44204697d05d44c96f0c7e6e97c7a9

SHA256
0654042e4313b7c7a65fbe64e9fb93cfd1fd117a1b4cfe5290d310245026dfae

SHA512
ba047beb2e8176dbbea70623a1d5ef9281017a92541e7253d1b0e5970a421a9af5869ec798c34c1bcda86eb317aaa5e00b5a950dec81f15fb53f05d0fe126b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
70f3240543b3259b6148402c8487b1d7

SHA1
444b0a3a5af6d406825ef879f15ce351f29ed0a9

SHA256
9ff700ed981657eb476fa43391b08e069501da603460b31e17d807f53111dbb4

SHA512
bdcd3e3bca421acf4ec8edb9386464ea4fdfac90cc67989d827cf5dc67498a20a48aa38ce441dec11d51046d3c1888d10ea3ad41602c6a976bf9ab10930a350e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d0267f3886da648bbb58992c9778c648

SHA1
2135de6628aae5c0972a9d27f979ed12bcd22fe0

SHA256
140e7246c67bdeeeee357156cd9d3c2991732f24ea78bd1e247c80b10a9788ca

SHA512
d4c1f78624e1f725258fe064b38e94aa5f4ab66bb4cc63714710a51252894adc989bef668896b86a2e19b5de64204a099c71cf5bd0f05e7049b0e427c8d792d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
ea43b3693393a9df532cf7832415ff50

SHA1
d81d76faeca7733e0e7033c5afb69e99aba9c884

SHA256
d3a34dfd74fe0653525d08c3c262052d45d03751409941695d49fd23041f4718

SHA512
fb8b5a7e3e248005a872ae477c5f8e63510f882d820ba46180d9f2ce32e257d66efc0ea9c30b2a95cd321957bdbeeeba6cb2c5ead0a0dd831dbb8c91425356bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
138f0808a32845c29e246852215db367

SHA1
8eca0b97fda14feea9ad468c2b74eb897ef48a45

SHA256
7b047501dcf52d2227b2229d9e00e78c83c959a6eb322b881ccd9ca75fb1e10b

SHA512
1255546ab4759fb46df395c577a1c95dfad9db5708eb82df35e1a262ed6844b57ec56e7a085154b869333e01dde5d58f5b87f20ae005f19ca4d4b516f3d7a9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Tax_docs_2023.pdf.zip

Filesize
52.0MB

MD5
a37afa1b4077ad691d53a1dffc978dac

SHA1
b8eed4c6f337a99345af9712af3195b3732a849e

SHA256
6fd0a21a24fe28473bf68c50270301586821b9510a01a42fec10c9ed6e21057d

SHA512
ea4aeb6c19f2a64945bd4e6bdc7501f5bb9ee4fb9c4d0aa7f215599a86c8fab1aa2979a3b6033c97447ec37e94fb0456ec10c98a3a24d72f9fb1f27dc5639d1f

Download Submit