6cb9a0b3e3a90242f5b042d156fbd1a663344d9c985bfea9b7132be0bb14e8c5

Resubmissions

27/04/2024, 19:18

240427-x1d3gsef53 1

27/04/2024, 19:16

240427-xyrwkafb5s 8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

275KB
MD5

2484e1d6ce7a45cdbaf3bf8fe4112ac0
SHA1

7996ec585a87d5f1b601c053fa422959788cf1f4
SHA256

6cb9a0b3e3a90242f5b042d156fbd1a663344d9c985bfea9b7132be0bb14e8c5
SHA512

bf31b099715863f248d348333b173daabce97598a9a35931e3a27513396b716f08b9fda2ca694ba71c926bf7f6a9f894054831eb56aa7c14123447829fbe93d9
SSDEEP

3072:GiHgAkHnjPIQ6KSEX/6HJPaW+LN7DxRLlzgEr:xgAkHnjPIQBSEypPCN7j9r

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587189948015129"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1328	chrome.exe
1328	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe
Token: SeShutdownPrivilege	1328	chrome.exe
Token: SeCreatePagefilePrivilege	1328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 4628	1328	chrome.exe	83
PID 1328 wrote to memory of 4628	1328	chrome.exe	83
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4068	1328	chrome.exe	84
PID 1328 wrote to memory of 4532	1328	chrome.exe	85
PID 1328 wrote to memory of 4532	1328	chrome.exe	85
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86
PID 1328 wrote to memory of 1628	1328	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff989aacc40,0x7ff989aacc4c,0x7ff989aacc58
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4880,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4540,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3312,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4872,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5100,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3700,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3372,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4364,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5096,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3276 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4888,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5176,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5124,i,14209346171671530668,14738901183690821615,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:2484

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
96accef5895fe17f2aadd81278c53cc1

SHA1
eb1b3bc446c963594f3768b780da4e890588b4e6

SHA256
139a5e9ae64051791758a96511cee4c0575969ed625f2521408deb1e4822091f

SHA512
771f73c9b1b241a2c0a9fe6346ba2dbb9bc6dad996c13f8483179e6d6fceeae579ac9d92dfa3882c71f5bc530ae18bcd98cd8b8df5f275f5a6103e084450ce3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c5d163c9ccde170a2a841f2f9d61cb0

SHA1
a3548d98262aa6c240bdf4aa6026275ebc6bd980

SHA256
656f79f609b2baf55a996574164dedfbfb7f9804687b77361eecd88509a5c133

SHA512
f54dcf71ae3e8795be6c6412fc97512ee4c0c2c436beec44cfdd3597922c4b2a7a5d76377587af223081e22ea4f6f764db6cac9ba4f6d5ec9809a3373a64cd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bfc95fef3550cdd9d87074ccb9c1628

SHA1
8a02b2303631e10fa88c695ebb7b4e6e32f192ca

SHA256
7aae87fcbbd2633dc818f8c6497cdee636d61affacac353ac791821a5f5640fd

SHA512
e7a186acd8cf0ad45cb8bc79b28a97de3670991f262f4cfab831e62ee5ad556117274f45370ffc9a16b6a128c7b6ccaa72896bc48032a1116a826b85eed7ae40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
559bbc25950d25bbb16c0118083df83d

SHA1
3681b129edc11ea76795454b2e632314a71df9ec

SHA256
84d5298e9a6d8a8294ca9aa3d20d35b9bfedb5b5429732e757cfe56ff9014d27

SHA512
be11cc686b175b07d618d9bf4160adb80a8e43acc6d395bc06c12a2e5e6405656706af277e2f0f4ef7e23fc2e3313909646278382435266e7ac2220aee3db802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
330e42c92d4e537eb9554ce96cfe3501

SHA1
b2b91c34715e852abed00c0202a49f39ea0f2d5b

SHA256
acc4b3547b519aa7f5b7ac143cb4564e4bc448a27850eaf67e33a5e865d71269

SHA512
7ce66dc34969952abb96fec5ce47d579bd15bb4b58b1e2611601516ccbbcd76aa94e7e5f7ef2930daf83bf43f4df63252d3e8e0b9288cd0bbc743d2d1aec9f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d0a88b6c62b531fce49c32db36d6d2c

SHA1
9ffee63ee7a7f3b8a69ee6c22ea3e243fa101d76

SHA256
954c97940149e272a5e8fa49082b3a1bd39622a49ff85afea833427cc141c2cd

SHA512
1a69a39416f539e72d4cb4f2a75947979da078bc5f3e618008bf3be7ab6760c868373bf29df3d4b07ae210cc22da3313805c956786c6f7f28fba951eaac8dbec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f57be79e215927639323a482b17fe9b

SHA1
bd2dcb7dc19e6ae474bf0472a1a5d342c6c845d1

SHA256
449f7f76ec8bb39822bd1bdff4290ffa40246193e73d401c1d3394d2aee9f667

SHA512
0b5c4c2011a293daa0610e8a0feacdc4f22ae507d50973d97d6cef247aca353354ee567bea34b89625d76ada82775539bc743249ba000f09e3ebbfe6c937b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3ce902432c61a3a1034c0b2fcc9c6863

SHA1
2349f489648d5f33c5ba3c9e9e5fb7a136a4d712

SHA256
b140618739db607d52bdd5752cedae90f058f3541e0ff05d5a03083240c31f58

SHA512
37ed92d8217b3828b781ef6287d4c24d15348c0e3bdb0421d9b60b89df62ca8f8c497306d7560744c0a11170996600556f6a9be306821133de5ec2514ad8d25d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f5b0422ee125a09aa511225aa84c2eec

SHA1
6e713e2adcac4b2c65de255df414d25fea460529

SHA256
946af8b4634ba3fd2c1e95fd51d2742b16dba5700538f76684bc132119018f8c

SHA512
5dcc94880957b2e32721e724c25ea7ec8e3df5f4a2bd9fbba2621a081318bd87d83f2f8e1e837b2c7efa55f3db3816c4b1880a3d727c8480556fdc542244edab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1618d87bd0c52cba5fba73bb8a12163c

SHA1
73317be74d6abcf0aff6c9e28cbe4525ff4fae26

SHA256
c6b3c6c8733e48751fd4990f032663ad21753e9be05b3e031d4b748f7c55eadf

SHA512
cadf07d3804d127cadca73138239b9fb7c89cb050adb2fbbde2b2d1435beae7d64785ccc543d57f5394ac442a5f37e13d05402332dd2b54325683d3675236701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ba78e15f0e24fd1602601654ea88d4c5

SHA1
e4dc448caadac8fa91f4e17c1ad8eca17b22a72b

SHA256
6129ddebf15165c8fd6e57efcf40f5c12a948fd6f2830249936171fad91c949c

SHA512
756b4d200b91b3c20497d5b1bf3256736ed324f13475696d48728bad53921524a280a773e63669c9baf4aae65d6e743c7e91a02f342eb298dc0d6465d6c5e9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
8a57cb5cc9f04dcfd64d3140b57f3e0e

SHA1
05dfd050a27b307b60cb092628206f2b7137e772

SHA256
d12123113ad5319ff1c3bdf3fcb430357b5806213fda27ffe4d1907aff899924

SHA512
e8a2d609a577801cb89fc014135782fafd637559a8d603605b1244106e3a13ad72ba3153d70a59b39eb188b6b1473b92b28ab4c8e7d7e66cb9f4aa4137b48b75

Download Submit