hxxps://objects[.]githubusercontent[.]com/github-production-release-asset-2e65be/791894727/2496d11b-d57f-4108-bc6f-33b515b3a95b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T175126Z&X-Amz-Expires=300&X-Amz-Signature=860dfb3ff3964da9a41804c62430c60e40fdc8571834bd368b5ab7ba3aac0cbb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=791894727&response-content-disposition=attachment%3B%20filename%3DSetup_version_x32-64_online[.]exe&response-content-type=application%2Foctet-stream

Analysis

max time kernel
159s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://objects.githubusercontent.com/github-production-release-asset-2e65be/791894727/2496d11b-d57f-4108-bc6f-33b515b3a95b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T175126Z&X-Amz-Expires=300&X-Amz-Signature=860dfb3ff3964da9a41804c62430c60e40fdc8571834bd368b5ab7ba3aac0cbb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=791894727&response-content-disposition=attachment%3B%20filename%3DSetup_version_x32-64_online.exe&response-content-type=application%2Foctet-stream

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587142329282466"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe
Token: SeShutdownPrivilege	3480	chrome.exe
Token: SeCreatePagefilePrivilege	3480	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe
3480	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 1716	3480	chrome.exe	84
PID 3480 wrote to memory of 1716	3480	chrome.exe	84
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 1448	3480	chrome.exe	85
PID 3480 wrote to memory of 2712	3480	chrome.exe	86
PID 3480 wrote to memory of 2712	3480	chrome.exe	86
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87
PID 3480 wrote to memory of 1896	3480	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://objects.githubusercontent.com/github-production-release-asset-2e65be/791894727/2496d11b-d57f-4108-bc6f-33b515b3a95b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T175126Z&X-Amz-Expires=300&X-Amz-Signature=860dfb3ff3964da9a41804c62430c60e40fdc8571834bd368b5ab7ba3aac0cbb&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=791894727&response-content-disposition=attachment%3B%20filename%3DSetup_version_x32-64_online.exe&response-content-type=application%2Foctet-stream
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd1bbcc40,0x7ffcd1bbcc4c,0x7ffcd1bbcc58
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1852,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3656,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4612,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4608,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4448,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=724,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4828,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5092,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5064,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3372,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5160,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5244,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3480,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5236,i,13884456323049101445,17363671437343979642,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9815174e65710b2d72fad351d7266942

SHA1
1a327c635fc74b234840d3457d864f2b354b40d2

SHA256
ecb50a82022ea8301ad51d6b59d2847bf1554a9eb770032f00c891313ad86b3e

SHA512
7c5d9109f5b5c305449c11743928f123d7e1db5d362ecdca4241faf61434d4c577d297f2701181cb8e07919772dc3bdd3b74f97d2aadcbd76b6425dde7842b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
60071176b9c3dc98a6eb7b92804315b6

SHA1
def615cadacff0262d9478b04486806fe2a4f1b8

SHA256
9e9950df4117664d38528d97cd49e40aa7ca0f9c7593f6ae234a8a385df3f0f0

SHA512
7fb7a1cc8ddb489810c46278b8bde396ccc5f8e4e6c7aa628b80d51216abfcc8c82c521b859b3f61d1efa1bd3fe4984a09f70bb81f08f58c336d67e21639acb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71e5e403a5314940b999d8afa2c54b1d

SHA1
0c4c7a4b9910d1bb995f7a8e180c10780c3f4ec5

SHA256
7aab272c349dc300ed4603d5f382e78662e18babceff38daa79019ce8c43a905

SHA512
5100e98531322684350d1c9fe87d9dfc8b463e509db431e270d79bb0c8883d2ec892aca9596e8f13cf52f3e62077ef7bc707409518fa0fe1f37e34138f2af4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9182b5eba23cfec013875b50ac4bae5b

SHA1
2d362e59833d9ee9790d5f4adca573112de2f8bb

SHA256
9fd7fd0ed12096be744f11315f3c1900f94db51508433fc3e3fd447f06459625

SHA512
0a72bf569d64e47e172b13924075a4b05f3bba52bb21a1190a92c9ba0a3a85f4685812e1a74da32097a3047c0b6de04131ac4aef29831c3860251b430202a618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4cd89c247a97ca654e0c775c7e7bc1e

SHA1
9b2b2b8a857f6017455db559b5a59d2ef452b18f

SHA256
541924b8751f5aae49289f7431c75ad120c86e1139021d090893d35db811b450

SHA512
66fc1bba47fefd26d37048245b98e26ae38c95768f3d736bbf47abf88f90f91ff42d0895c17ab4847d66321eac55f600ff321d5352c75c36b7387362071e44ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f263ea9b507e683a0c75c18a500fa0b1

SHA1
2787f6ffc98b89023a36ba0bb20de1546be33ce0

SHA256
02839f467a570ae4ecf31f6018091d38f7d20cce7a397566aa076676e0025512

SHA512
3c1ffc6a124cf2c2731123b508489d63aae735d0929f894aa81e08c4eb522d2c25747339b106391005cedfe5cf248f73f904a1d44101f40428e17aaebb86948c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fe1b629447f10357d24005c3060567e

SHA1
0f2cb2e33d4e4d07f019cd4a340aa4ae8e02c984

SHA256
2ee1a23f3c8710f36acd7d3f056f8c3e5ed3ea740ecfbca0e35e1fe3c0f0efc0

SHA512
5f7ab375f1fa163ad15289dd458b2b3d3580120f48e909913c9cae9d007e64ac6d8b4129320398ef2e722d2afe21b62e61b05917f433bcbbb09a8d36733bba7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15f1ce0fada3effc8e4fb47b989dd9ce

SHA1
736ea97bb6d713484b1e3e513f870ceabe03890b

SHA256
dc674f5686dff250997319cc3b3a03929665feb3fdb7531753c70f593c021ee5

SHA512
128896b173220dd217cb4d7b2dc1237f67bf72858fe21582dc54810f5b729f069864fc4d597f11429271da9be04e0491ddc488d34e547fa91e5051a5aa1df44e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf4e6445dd181b0aa4199b4923f6c712

SHA1
2cf67e699f0cacb1125a5119b04f4869df26bd2c

SHA256
03369a62f207295697d4425a7292bf940c283ae93383eb087fea0c00850eed65

SHA512
0942eced77bf01e21157074af5815383cbdc77caf75bd082af8c08fc5abb90f0ec870ccbdc4995b91e9931d07f3a8067b636d8713000470f77f198894bd86a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1c1dd6e3ef5c4944e1275c39fa35487

SHA1
a6807f37c99380d7b39cd9d22d3166d77b0dbe98

SHA256
1ef4221d45a370e44e8952ee496c2e6aa5e94a6fe118e858f9ae8149218dddaa

SHA512
7d2751403fbf7ab7eed6ab1fbe5d0f0b1ac895191be96ace1f8449be324d2cc15ba691e0bec5e462f555097956ac54ed8281ef4e603a0536dc25c7b2f2a9b63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
de63bd34b7ceabef3e3db96ce71599ba

SHA1
021208bf8d0e1f1241502f5e7483a9396d0efeb4

SHA256
3e19e27fae6dff94de00ac7f620ae603ad6a6e249b60041ef36c88a6384a2b90

SHA512
d1638a5f1cb3cba938f271411680033a8ac6df4a0125cde6dc593de2c015106826f8064c0f5a5067e5b81ad18bbb519b0205a93b391ac70081f648fe8a63ec9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
63865e8f2cd249a3615e266c6b26cace

SHA1
959c9ef21b102e329de863d5d083ba4e8e92c390

SHA256
38452cd10e986e0fd007869849d9b4ce375bc69e361557edb44f84f408c0a498

SHA512
6c3f68a8af2da94e1e1b1910df63467738cea7c2e639b6aa6ab6f6618ead623592ce76c832a56fb0be53e38948624b1ba4e894e043ddc9a6cca7e716de39484d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
4ef69d0a2cd3b178c43051461bc7609e

SHA1
1ba4b43d39b6bcf11880b6f82123f701cce18ca9

SHA256
ab24d0cb430e51dab7ec9bf49ccd563544d6935cdb880c380fed821a2ce3af8f

SHA512
02ec15fd740cdece7c2120da39d03834b342daadb0f8d657779c5fa6333cbd0c71c756d1d6b6a8d4b9a966bd7b45bf3286992fdac5a7c05e67ec323247153e80

Download Submit