hxxps://www[.]google[.]com/url?sa=t&source=web&rct=j&opi=89978449&url=hxxps://kimcartoon[.]li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM

Analysis

max time kernel
305s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
18-05-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133605085880517273"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{AEB85A43-CE3C-4AAE-859A-B4FC40C6D147}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1364 chrome.exe
1364 chrome.exe
1964 chrome.exe
1964 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

chrome.exe

pid	process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1364 wrote to memory of 3300	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 3300	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 1188	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 4432	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 4432	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe
PID 1364 wrote to memory of 5084	1364	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcca42ab58,0x7ffcca42ab68,0x7ffcca42ab78
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:2
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1704 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3184 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3952 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:3416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2416 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5116 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4916 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
2⤵
- Modifies registry class
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4688 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2296

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
948220421ce9af2a7cb7295cb14c83a7

SHA1
03584c41f73ba9edbcbba179fbcdf3a3c104500e

SHA256
9e9483b5662f2fdd75f53d3470176376ec3aeb56fd90a0baabd37472f1656e9f

SHA512
2d0a8da58b2725d6bae735d2fe277161b189e434c2243897d1d5ae7dca8305264dfb530fd2d03d030bf739dc120fff4b2b0a23d2d6c909e89deaf84853352474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
fee7691e7a122715ac4f674a9a2b0736

SHA1
2701fdd5c87fa07a05cc86a1e00c3a0298c420f2

SHA256
fb7cd59ee983cf73ab4536526930d6a32d7e276d4ef5873ea2dbb493542c4fc2

SHA512
051d841365f81baca7d3d249dd97c27e5b5bf9362c213bbd346dbd7a266015ecfef4f623bfe3dae263c607b4d3d26778688fdb08ef330e55374ea2bf37146036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
a84f84b9744d6f6ca5d8fec07633fe7f

SHA1
f5573a2344c6419812c6a579508f26a2ff6c9c4a

SHA256
0940426ba5062d1a091e0a5b32747da76ce741cbf29c8068589f6e2e1772efeb

SHA512
0d0a6e0f9f84b24e64a069838e567abf17c8fdda6ec22731a5d9679c9cce078973a8de38f79d748ac6a66344d9a0e234ccba45ccffa2cb9770be001aae81aa0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
af2baa0299a559ca89ddbda6ccd4f52a

SHA1
20e80ac5dfeb6cf2bd2a4b863c2d28a0d4815e53

SHA256
932179de2ced5e1ce7ac0c83c9d3ea4c26dbb3b2477bb1b812d26e3952300685

SHA512
0ed308b9add2d63e6dfc3c68fb36ba8c09e7a56f043e4f3678c149e4d4c9ac273a0b89998d05a087629d06010d251cf161ca01f1a8f3fe51e84c444ee61b9dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
0a435138e7ac5b7aaf18aa76e510dcd1

SHA1
ee1acc891e4da2476efde78080583db204ac31c8

SHA256
2ef0ce5bd479f964cac2951f209137dff65519b7ea7318a3a3ce1cb4a64f56a3

SHA512
3aff220232b21eb479b17b447cda6cb88d12e067030dcd3ca0dc5ebc875f8c370a3f6d573c9a932f410c9b76917df0798fa1f0a34ed1a5d528a331294e5a04aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
d2aa2ed0061f4edfad189b20c873f5e9

SHA1
8728844cf2ca14041cc808c03cd0f9e68e8a5fd2

SHA256
56c574aacbd26e21bd0935bd6f91ee73ebf4f49dad449fe57c877067e42efda1

SHA512
cf9a409e4838b8fb3f8139093313c7703bd556f3928da354d55e1362185daaa8c427fcf4058c11837a056148538ac61152749407542b9958202888af7cb16f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
6ecb105fa7447f3106c789f410cc7db7

SHA1
a0149da2fbbd5f6df07105b9d0b44d31c5535c1f

SHA256
66c9fc09656a49f090b92826fb7170a5fc0092d1db6bd38c461681163171bb97

SHA512
9bfa3460a4feb645b44d94b5f081dcefd198623a9cb240cf814b3255c4220871c000bdaa2b512117b7ba33a357b55c652bb0914461c666d07cbd55815d3c61aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e27553ffab31b33f191e0846bfd4148b

SHA1
989a8227573ce83d48febf4c772eaa54d24266bd

SHA256
ae9e07e42ee76d8483ca08864d5e1da58530c9fc1077c7e7b1224c30aba55024

SHA512
4f99f2c8ba8d9471c3e3615cce667027e06c5d60c62fba7be9c8cf463fda3e3411e50ec7e34a35a7229f36b4e9c27912a3343863f6e96ab4f339ef6412440274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fa54e84ab779b5bbb0cb9a3626297e10

SHA1
d305f07769936d160dd29074e7558eb789d6aad0

SHA256
11ae8c71740529a9ef8b32beb43376be478bab9e25b5f585a81e3bcdbacc6ef9

SHA512
c37c1ecb37d544c1c9d8b626ffc462b95512855215e0e4b39da594c553219ef41bdaeab9337d404cd39a0c569b568b02b6b89ea49f5691db2d76536cb4fff1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b98cd2998fcc02303a7b3ecbf1d44520

SHA1
40cc979341f30e29ee0232cd69f92282aa0f8346

SHA256
b960a9c04311beaea777bd3335ab75d923fa86157e94f7893d7f5db86ce14e72

SHA512
236ebdeb75c49024ff258aa8d0f068599b87c00b561749dfc48a93da5ce588abcb88a7d738b5d075f61f99044ee358052e6cfeaef3528327efa3562c1ee88e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3cc56edb7d2b6a08fec8396993c3d9eb

SHA1
a6abfa0030ceb9cfc40227f77467d49b32171bf9

SHA256
670eee5d5f6b1d0b7427a9e7ba02643fa354e58fc2c0f621f40e2dbf3ab97d65

SHA512
c43f19cd2d5d141e4835f3dcbcba2fb2b25bfcc8912c86132316ee7637a1996f04b6e7284d2ffe814e53f148367d727e82f82323e81dc543e82b3a99acc66c5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5adcf4.TMP
Filesize
120B

MD5
a2646bd7950cbc735644a2b83946feb2

SHA1
30c24eb3031990104ebfcdf1fbe85edd2cbf8f64

SHA256
e2b7cb8d9e9a8149f502f277d0b6186358c981e9401c69570f2916827cded4f5

SHA512
33505786874ce56716b339be9e8d2b82977030cf1bf100dea1bc3c4352a1f1d1b8851088c9e1c38d3f8181d1161bba5fb7e4275a691e09ee9e926cc9c56e67d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
d2c7a1a363dff4a3b4cb8cff7b40bc83

SHA1
692774d3f2a89bd30be9c7cbac2fb9b5ff4ed679

SHA256
3c33ba0a7e529e9b24db53acde868bce2c6533f673f1aa654beef36966066ecf

SHA512
423d1f5f730e0454f1bf657aa7a1ec892b8e6d470a57692a5a4916787d1d4bcfba548d827abd0c4e94bbeb3b97091ee9e34ebeccbbf9402c96b3cda7ac7c6303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
bb1601d6e200c33aa3ebb176f99280cf

SHA1
ce36a3b67b18f2991ba783bef9925042739ec4d4

SHA256
ec75d17143e5beb29a917be6c710aa4e427bd5b9a8228f87f1dc50c589d7f689

SHA512
9e2e14df95b19030fbd44dadb7d071db537e6d9e2e06955a78f66a9f1a2e647c9ed8f568a7d48270ae475f54b489f7a91fd4928d31666fc50dded2bf16fd9ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
85KB

MD5
362f623bed791e2fef567592aae15eba

SHA1
952100648f21f89f11d58a0695b3688800b1d94b

SHA256
d4fa0cfc34552d2fcf12804d54c8925ff72547dbb5a6213d299fafa3b0cfdb2b

SHA512
a3463513d5d99d1f11ed843ee752d44ff6bbbbe3b9ab98a7c585b83d91d8dca47a2e588f6e89120164964d44286b9127093a9cfdb90b2e8be2268051379ab7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589296.TMP
Filesize
83KB

MD5
bae4501b4e0f61b5dfd29651cc9f6540

SHA1
1febbb99490d5b84515d3fe3a164373f8a249df8

SHA256
27a2867de1d09d92f3d4166b05491f621454c4345303802b9f70a18509babc39

SHA512
f12bde7cf9f8fa487752191330d1d5fec335d79c788464fa6854149f315bede179668336a627677a8a4adc7d35acdc4446de61b8fae1cac754d142f77052a845

Download Submit
\??\pipe\crashpad_1364_PKVDPQRBMTRVFKMP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit