da9494547858a998ccd8cdf7d86f6a543fea83aa6d25ef2f9897db7367529b87

Resubmissions

04/05/2024, 21:23

240504-z8gvfseg38 5

04/05/2024, 21:21

240504-z7mpbabf5t 4

04/05/2024, 21:18

240504-z5vxxaef48 3

04/05/2024, 21:15

240504-z32bxabe21 5

Analysis

max time kernel
72s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
04/05/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chicken.jpg
Size

192KB
MD5

50e8d86b4e675fb22dbb84b56b090cbe
SHA1

ad8256b4fc61c426e8dcfd95c5d72961aaeb99b4
SHA256

da9494547858a998ccd8cdf7d86f6a543fea83aa6d25ef2f9897db7367529b87
SHA512

fb9ee7de954b0c96b7d8ff52e2991d19bd09610fe1bcc5dd808d4b92dc71df8c18616cc7efb3fbef632c57f9345f2852372c2bd73bdd77a278f37ba53cf090bd
SSDEEP

3072:Pk2s1FniL0vngPz60Pqsaydf0hrzcjlZk9CSbTjqkFwN8N3rgExsRfarbt0kk:PfmnalPhaSDjlEdbauwkgNarbtrk

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593313182968964"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 1768	2428	chrome.exe	84
PID 2428 wrote to memory of 1768	2428	chrome.exe	84
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 780	2428	chrome.exe	85
PID 2428 wrote to memory of 1840	2428	chrome.exe	86
PID 2428 wrote to memory of 1840	2428	chrome.exe	86
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87
PID 2428 wrote to memory of 2040	2428	chrome.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chicken.jpg
1⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84077cc40,0x7ff84077cc4c,0x7ff84077cc58
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4632,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4652,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4572,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5384,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5664,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4500,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4492,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5676,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5756,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3532,i,4929543978181434174,18049010580829494257,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4796

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b196d664d64d017e326031cacdead78c

SHA1
4a79f02270ca023e48927b85ee9efbf9454ef435

SHA256
bc69558d133291788b761e0ea8c3ec038551de7e184eb7ea367dae89417f2899

SHA512
a2870dfde15dac7bf8c1f4d722775d02a9fb1721d245c39eeca9943763e0c8d1ebee3f27b48d1b910e52b17e379f960ceb2e070b5df2be8eab53702244dc43e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6bd636b0-c7b9-4a0e-9dfb-d309e99b51a9.tmp

Filesize
9KB

MD5
6a71d75941907241ec03b88569cfcc9b

SHA1
bb59677976e60300d13096837fb6936626e3bef0

SHA256
af09c4f8ca2cd4d5e973b95c36bfed2bc79e2bc053151554c85b44ecfc9ac4ba

SHA512
e2742b41a5e63875650a1b61d76d34d526fe41ec5626df1c7fac9c6ad676a7facae1065e9ef9a4ddf6456852b532eae155325aa677e5f9417c306adec21710aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a0a15877c103a5f3e56ff356c43620e3

SHA1
10f3b621862df06acd2ab9cf6667e9bec5c2fd7c

SHA256
4109d8e4f0d0cde8b4c577f4fcd218e8fc2ccd6c66c3c1a14306cf26425c347a

SHA512
cdb7d0b250635703b9cbdcff2f83ed626d8568b08b3fab7288398c450d4c52c9483d1b6f9f7e4770e5c0972b5892a671c13bb9b25f392822deb83aed4d4f0609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
34a19b22738672d63ff209d9fa5ef5dd

SHA1
11bf04d82a6dc6a08ca018b5abcc61c63e04d2e0

SHA256
48d3f217f0fef817d382d31ebe969311c9669fd755f5a65666b58d700890caf9

SHA512
b4787c3eaa9dede5c49a6637f560952edaa18d86f8de5e8e4498b3647230712c1818ad10d44e62e649a36d01f97ec18e6de922775317d3251a24ba298b7d1a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8d0d308cb33483d23271c41dd4aa6f63

SHA1
50df28952d215a652f3ddee83e429989d4e3c8bc

SHA256
9db6ee9056eec12f73b8c0e47c594a5dc2849cc2eba2fdd63fe89ca00b83053e

SHA512
f4a413705b4a4326617a249ab52a4113b2bc37d1be969eed3041968210253497d9fff5c5def13fbacafdb690c8c7dcabf218079ee3ac2d86c6a3cb7611aec5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e165214098a2f6c5d7f566a0adaf76e0

SHA1
5a95c66596852edb4742747f8a17b076430eba94

SHA256
0562ab5e1b12d7d29e8072a4f87350c2e11d06f5e3f29b134fdd340845496f24

SHA512
df591b30c70fdba59cd65ddc95d5c88669c98d5dec79c2439461f4109a68ac7fe29658e18710e3813c8667caed4f6ebe6bdfab5398d97b36e95a8da404ac696d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\adc2387f-50d3-427c-8026-3dcac5a11ff8.tmp

Filesize
9KB

MD5
70d93b45b18546854810de2172d40b76

SHA1
445fec6ebed6ac997d543a87f33ee2b86dbb0ab3

SHA256
6b3355424ab076aa038534f6a753665e4c38b6ee13908799ca0714beba09b753

SHA512
1b6e3197fe3010737e7bd9e09f8db3876f2cb07b829fb22ce07834e522880ccefe5591682a820bdc6f195d1bfee1060b6d782266d8fb25645d9ac555c0023e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
8855dfae8855a7010bafac875f8e8ee0

SHA1
fc41b2175f53731f92faab74112f3bdd61c99ca6

SHA256
88b325dd7ad6b785ffd40dca00211784e943c603d51694cfe08146fa365765b4

SHA512
b96b15fd971d8688caebd1f950ae76c03d09e728ce9812c938e90a9910dcef2533ff9636a7111d73ede5f71932277b2c32b0587af79172c82672da045f992624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
a7dcc8ec0bd5fdf826cee5d95de104ea

SHA1
ba00f5fd5e7259a13108d9c7a5b5acf66ca781e9

SHA256
9bd7d0d808329a8e79b095fd9e4c3879c2932fbf7ae80bfa30518d19d60fedd6

SHA512
95c2b448cdc2356fed05c4b3c6b3d89271da4644a838bf5a414208717578393aa70b32c1169697c5e476c8d224afae11f492cf0c58db979ef363afd054ba3644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
077e640ee0cc634f2fd54697674dd6ac

SHA1
5bcb489e950b2434632b2a14e7b47a3486baabd0

SHA256
f60077738268a57e3d05f90e9eb16999f95474d68bec700be56514d601fd5e1e

SHA512
c48570572971a7b321aefd55b3a082335d3d99ad0754e21a606e1620e4db22d6c2552b74b5ea25e9eccd83acc170ac9ad1f12220e4d29b4a0b071df65eb9fd12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit