74fafcc357a95cf19078b2489e9b8e8713cccf2b83398ae4c331a30bb9d87934

Analysis

max time kernel
256s
max time network
260s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
01-05-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

app.html
Size

542B
MD5

ecb096de4aa7a595b66aad7838cc5115
SHA1

64f67c3b8d9cd794d473726e57497b8e8d0c52f1
SHA256

74fafcc357a95cf19078b2489e9b8e8713cccf2b83398ae4c331a30bb9d87934
SHA512

2f91f1842606c7e70db93c21cdf66ad7f88564a76887f51456dd845d022a88d746136b7074492cbfbde296c900b5358d273af33c5c47b6c5c718afbc9e85efb6

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590188882063402"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe
1776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe
Token: SeShutdownPrivilege	3928	chrome.exe
Token: SeCreatePagefilePrivilege	3928	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 3776	3928	chrome.exe	79
PID 3928 wrote to memory of 3776	3928	chrome.exe	79
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3824	3928	chrome.exe	80
PID 3928 wrote to memory of 3800	3928	chrome.exe	81
PID 3928 wrote to memory of 3800	3928	chrome.exe	81
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82
PID 3928 wrote to memory of 3364	3928	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\app.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff250fcc40,0x7fff250fcc4c,0x7fff250fcc58
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1040,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3732,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4856,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3236,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=948,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4512,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3348,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3180,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3252,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3208,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4704,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5024,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3200,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4760,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5100,i,15396848040347267196,4359550295792619104,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1248

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
38fee11cda408723da0e7b03f3d376d0

SHA1
00d7299cdb6ac8d9b534b2980e84ce66770f3b72

SHA256
b23e0eed524b9d3b9b0a5811bd2ed4d8deed42dc85c82f2353b9e17645b15874

SHA512
50a541d73587018edc1fcbb68b28df283f95c550193a90b300de15f2124a90fd536f72430cd98ec8803a68cb874ec94fd5eb7c6c1ea469c014e201fbd077bd34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a2e04c735d1765c72fe13444f917a7bd

SHA1
f2875516a896bfcb6ab5fcb1701ce686e41c4ef1

SHA256
61fbe66831a6e60ac6f23b54f1de64b96e536df7b6f5a7259dc1060eca5f5c5d

SHA512
a659d4521e314343cd9b8fe0e1c57ef5ec85c03582adb905963e922fb2170b7ced453fa5877df8515253449f5a225d615a0432cb69141514244575b853f948d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f78a1b9a16ac45da1aa8dca9e18f82d8

SHA1
1be753b6600b99a961d61975eaaf340c6ae2ea39

SHA256
d3be58305631c27e9f329026b6879b064c126918ac9513ad7e53be301d265321

SHA512
ae0c96d3e9f87acb57dfc49cc80b0bda13a754eba8ba471d9b8297c9e5ef18a4bcbe77de2c26c5db156c0fd7318fee24fa901771488387a5f67c0cd46d0e0b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eaaeb910b4f6158e7e73d822ce43d896

SHA1
c58b1bfe4a4ba04b10616cb71b3a869f305fa4e2

SHA256
499cf24c48a6c72205353caaf44492bb1daa178edd5b9c55189dff6dfc3d7818

SHA512
03bf746e0855736e935513734dfaea1cc2be179e201208fdb34dd6d92cc58d2088b8032e1fd4556e324ebd65251b8d77cfeb4a86d0edd7efccec35aa371b55ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e483943f79db9c21e2febe8f255e271

SHA1
61953e339fcee87895ac72f6efa233fe3c68894e

SHA256
a7d63f00cc645d6498350aebc6391c0b8b7c58fdb9c08c21abb4ce02b1b40d20

SHA512
191c8825489f5de409258a6422a4e98e3f15d7975815d6c3221b239ede5020225e9938926c0d3cbd216e62eb727257a0d13a55e2a7e2517ebc879dc544b9202b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
866ed57c90ffcbb7eee2bd512c37f154

SHA1
14d41c21546d658d820949dfe099150751bfb067

SHA256
f94f1d38a3e9c6cc758e186cbf4da68bb6df227c8f5cb72439ef33684ec52d94

SHA512
e8a80a54652f3b459b1f6b8dc77176f1f353a937f148e9a364ac26cda1af7dc51ebdace4e3c602bb1811a4cf3598d72d1d1f3e685ef84f5922fe19cd96c8e587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb6e8941a1c7f4f998afcdf167ef69c8

SHA1
5c6b5fc2d48c3b1e34b6870da09db8de828cacab

SHA256
989b1c9374488db472759f0b7d30fdfee87663597f4a9689893041e1d4ee4e57

SHA512
1f7d46d6afb96f328a93aba0f046b7793097f4907abbc134358ddfcf8c5605de59093694dce182c1a83ae926983fd072f5be4b5ba4f75bf9807102b48a36f1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ee3fab31fea8b3888a858ccfa80e523

SHA1
72dbb3c076cfa4d74da391b13a6cab1711a080dc

SHA256
8ce16e768a8702fa856df8c8a368f2d019707f3fc1cb3d397f68a4ed20b41034

SHA512
b6a22eee79c05d275d0e603035136b2709cdbb048b0506573f83f4c2783188c5a027591476aca779acaa5e11e290fcd3e2064039e21200646514bcccab06e241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aaf37794a297c159c0ce90b88259b7fb

SHA1
f83ff03e567d936698de57e992a3f003a9085087

SHA256
a6c2de6ba3bc2d19e2ade3df785259623a22da7b1ad1590e543c428ef6469d03

SHA512
9a648a939724d9c66aa4739bed14607d6a67e038689242b6950649df82dfd4be58fddf8a6b06c80d8c8af0e570c98fe2c63dd2e47ba46d43779a653d3ce118d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b0c972d0c760f54d28b282398c5a768

SHA1
7fd496e8eabfbd4bae1724ef7da3f23a88f05c92

SHA256
26895cf125b0279240b2119289db415fcdbd05e5591fde7ddf3625d7a4598b06

SHA512
287c858004ffe3cf2cb2be84b31168ac442b9fbc2ad9967a37976408a1d3553e54ddf8533db4ed97912fa6a2327306645062588a8f9a46963ed8a35911f56708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa3531e21acb66b95339e18315eb7f4c

SHA1
6d940a06684e90df0175ae01e59063c7946d4775

SHA256
e8579bbd2a079d991436abf83f85585bec84cda9d768f511a11b6628d7d0baab

SHA512
44aa980c6923f1f937125edf249649e8b2374a651863923c5ec7c714fc904315028b9f307d6ace8bbeed61d90d135b42379b5a0faed4b89d45bed71bb05230bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
865df59ec4722f6bcefe5ae437308d52

SHA1
c31b83788e692c0b30a5ca8de87f4dc6115c87c7

SHA256
fec941530d20899f587bba61d973399c51e65d99287e91988efc5f5789478124

SHA512
d47c979110e96a6f0e4f9c2e7cc60756d8a841f1c2f23cdd1f116c5ded763b3df1a0d1b993d2a19e706aee23674706de5fe7f33f83ca6665be514a8d9b7dd31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b00ddd78bbd4d0d3d94d6fda33849cf2

SHA1
37e5b3e6d3c1de8827ee66cbf14a355b3d447e88

SHA256
69050c0668fbbc3576b8aeea16eb14143211eb53596fbd64874fbb4f6d717c0c

SHA512
9cc2b304dc5690c891776891c2f2834019a497fa3b82807a52433944ae277717cb48fc0fb34aaaa66f32650c9f4acc5d368c2f4ad8975bc565911a61eb7881dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652d8b585bbc408aef3c6c82cd7b1946

SHA1
b020ba4c9343d6f96e45c79898f1a10ad01b9b9e

SHA256
a603e010e02f3f509838fc605352ed52eec00aa2ba723d9ff06d532cb25bc228

SHA512
7d840adf3e6bf75cfdc913d9b3ce0e08cc7d92e1886687a5afb789ade151b5a4490802638df940fe58f5db74df2b07887b5e65b3a727172f924af47401306eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6400626d9393200d08817b81f2619d5

SHA1
f931f961742925e52697137960d2bc9356895c77

SHA256
1cecb1426b5c0b1507d30e797c20c76da21d6e47b5afecd0d1dacc0b908af702

SHA512
8b6c8667dc7c58f0fff90eaea621ab02c7dbc97db97b182446632c76463e0c8207186fd249ec084af819912afdc0c356c4abc3f965ce649a8873094edf643a30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16310bb3056e8a1a65428b6b29304210

SHA1
954fc1b3261c0ba419c917d6e954c26653c821d8

SHA256
8be128e43215165df998e415437a1767273df1d4c7342dc71d205f59d62cb3d6

SHA512
f55a28b1bb2aab4686ee8ee89349df806abbe3dad9380198c183932864725cd508932880d61b4957a35c271162a427ab3f73f536720fc1606b0176220a1be5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c311011f150688c7a352c3831b03262

SHA1
63af41b3d5e6fd1b674d21910c4b1c3f3c4f51d9

SHA256
b4ca97af037700fc75c7b033bd1cf9d06b48361cfdc30ffb1a7f728507942aaf

SHA512
6c7e4149f0d329b41ea706aa22afd36a19003d4db96605001003a4e4499818375dd0eae88b0d3ee27101ada27190b667bdd20d270dcb890d18e3059e3dd27700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6504a03f065f15d36fe847e8428b7bd9

SHA1
0e542dd2f92ddc5d629b624b373d8cb55aed5a6f

SHA256
98afe6fef4b4d3bd44e3c2667ebe4557222b080a3235c0111cf2bdb93ea9635b

SHA512
c871abdf9ce7b570a84544e723fc16fb3565c610ba5d1c9a3231866cb808e31543774638f3eff224e379f0bb2092a5d2eff4d0392b20360713254b37f8b756b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
7a8b8d03dbace0a5abf187794c211580

SHA1
3967f5789779d8c820509ba052a2c04cdf393972

SHA256
723f2d4bd92df2bc6301330bce207ac8cd9f6df0ed8710001f4b0624f5efa666

SHA512
e7ff63048fec045bbd3fe4cc43c5a55c569e84184d424da7f3d3c019ca55e7048d6ab74586fa77bb85e54fbd85a0e11d29e3c216152c16b87a5f805daf9ff052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
85b7379abe7fdb751f5dfcda4ddb7575

SHA1
88a61d87722f2bc3fa082c71afa98db49f162bf4

SHA256
190e4083a781ee7e407f15195f2db9013954903b7ba85f26b473b47b5c8bbcca

SHA512
a5233ba34084c2fd5465e4d4c2ac1cfcda671e022f79cccaa2b0cf51087336fba3d7253f39715461436efb1f9b9ae5c7cb8fd898351f210190249bf345c9500e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
1da2e00302479a9bd27d38c0f256c390

SHA1
92e5259aedc601dce20f0d21f998f433d42fbd58

SHA256
970664d74436cb3a26ecf144084427bc2add61fb26e54f8f01b13874f233fe25

SHA512
f1581e5ad1ff1cd4d166e8dbd0a992d71c798f75cad4a23dca5e5e3517c6ede88aa703a8aa030718d4af4a53eb5ac92f0215c3d8560822c05f18c8973271dbee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c0758c952d03fec38b7e6e568f5298e3

SHA1
d9e7257cc38bbf6c1bc4d289b70cd01169186142

SHA256
292d627b09c726b90c2d0378ac7acc8410e3b26826b0a02c007f5a365dd9f3bf

SHA512
89a32ce3118527cf302aeb5ddf60f9c88776f32d4c01d8d1ad8c771a936e397fcba4e692040a27c64f42326f83e1c1eb6335989263291213aec56da985bd5144

Download Submit