65e73b7ff4dea81d68a12ef887ba0a33f17cebd4055e64899106517311f2e344

Analysis

max time kernel
182s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoice#0985.html
Size

15KB
MD5

bfbfcf3581c71286197a0a78a9e9eb66
SHA1

9453a020cd47416afee3109979b06b5db7e8efb1
SHA256

65e73b7ff4dea81d68a12ef887ba0a33f17cebd4055e64899106517311f2e344
SHA512

ca48abc6826461245e4ec709cd9add352d6577938b3e53ad8d50192f3f2d86644af0b152ea11fcd446f938eea7a8608d92b7b73404faa9609f608cbc32ed10dd
SSDEEP

384:H033rENzN5NNNnNNNCLnflKVamphlJUakZXnatXS4ndXE5f:HNkV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613491413432473"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
6012	chrome.exe
6012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe
Token: SeShutdownPrivilege	1108	chrome.exe
Token: SeCreatePagefilePrivilege	1108	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe
1108	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 4732	1108	chrome.exe	82
PID 1108 wrote to memory of 4732	1108	chrome.exe	82
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 2500	1108	chrome.exe	83
PID 1108 wrote to memory of 5772	1108	chrome.exe	84
PID 1108 wrote to memory of 5772	1108	chrome.exe	84
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85
PID 1108 wrote to memory of 5684	1108	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Invoice#0985.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8197ab58,0x7ffa8197ab68,0x7ffa8197ab78
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:2
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4348 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4644 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3144 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3284 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3136 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5016 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5168 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5500 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5248 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7152 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7276 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7480 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7608 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7656 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7284 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6684 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6784 --field-trial-handle=1888,i,13529902288131724866,10494452825546918140,131072 /prefetch:1
  2⤵
  PID:4556

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
79KB

MD5
d10db77cca0fed858b9e9f2297d4f67e

SHA1
ae66d9cc6b217c402f01841f94db95c6bed11174

SHA256
0eeb960cbd011b63eaf4329fa13b206c94af7ac34aa6540b99bd3b6083c3f164

SHA512
a3c4dcb8aa50b4cc09bde175b3199e1e815cb19fc716d4d8ebc85e36a3ef693446812ee97d040fa01cc4aaa2483e88775f2174b049dd3b74f230a99f01acd2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
5.3MB

MD5
288e7c77d34b03f527ae7cee40ff431b

SHA1
1d35dcac754498fed1249d89d3b144fa7bf8e9c9

SHA256
1f7d1fec9454c08dd4410cd124b215a214ef29bcd2db7b3bd293564814db3831

SHA512
489f37e7d85c84a2af3777c9a2f182b113f6a28ebc25d09f38c591b995c140e8f32f903d950bf1d3242b7a027d82fa68d4e5a14e8bfc6893394a415668a88d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
787KB

MD5
28681bb4869c6e131d17d1a710c0ef63

SHA1
2d5dedfea72550d7520e233d63cd7c4a5e8158c6

SHA256
8881250b52db473744c4e676565e494da739c60c7219bee170edd1314ecb113e

SHA512
3d9efdbbdff2e4b138aad290dfa69a846852ea5f745caec3ad1ad95e9a10abfe931172123d21607e8ebb9e878d7d618f1324a3697b0caf5404ef8a3845fb7f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
3ab799f1fced4241f8539dbd7a9aa31a

SHA1
4bd22dd57e7215dc33e3b33176e33e271c1334ad

SHA256
3b496759b4b587494ee04655c2ef64d1bee0bdae6f0684ae1d624712ab6ce390

SHA512
e6bc56df46425502b78fe688205a799daa295ad09d776dc417e1824995e411061e9a82f994570e48d6666b19a9f659fc98fea4959de98fe7969b9eb4f6395183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
acf0d4ff55808111350dcfa371fef451

SHA1
c211c2ac21ca941e0f0b9388061e656028db5046

SHA256
577f4e6285c7a6f3fe58d69e61fdc43edfc0496f0ddce6f4db163fc101613db5

SHA512
8d2816de8b737d0d5eeded4cbdcd94a6dcfbbeaddf1a81754a15bfbd6e3d0b07471bf8b50941db0817b1eeda03a83fc7b9240b156810af3ebbeb058576ac719e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
347B

MD5
192b8c87748f44bb9d0f6fbe2152f156

SHA1
70d58803cfd7ef325d306853bbea7d68a601325e

SHA256
c7402b5310bf9daab726d25244208bf7d255894a519f37d06c83c78d301a6eee

SHA512
bf756aa751f2964901a8dc53f20f9ee98f09b14e893f218b4c3ca40afd3c07bd404652b0bf944f1d22d9ba5c2be1de235e35e71005468877570c690796b29925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
c240fc4cfbbe51a6de9592280ba06d77

SHA1
cde0e00af2aa249c44baee6451913b6ffb6df980

SHA256
cb7cafe4dd33d1c38a12177e8332797d7cda83dd80e99bb30f98f9a50b3beca4

SHA512
07c36cbdd9d6a38d8b9d6b26a33d30bdc5b068f39d8adb851317a469201fe4213312aef50ac8409741679488279d091f4f7070a269a15b44418747c469f297df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
02d545664e6e6bb08e28d6c5abefe4a9

SHA1
f270c74e8f531287cb2b97e6370f37b5257076ee

SHA256
e6612afd183d182a258b209a90420afc181e2f01d69b28204609f25646d0a340

SHA512
8edc8b0be623fed5f715f2c00417ac11e6679e1b163490d72f89194e00ef6874ae1d65c38977c3da5ba44fe4d28b093fcac6dc8a3c599df79c73852d0cb365ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5d6f155e0561183fa0b3f03eca8852d4

SHA1
8e265f152c052fcdff86e2487fcce5313dd913ce

SHA256
df15228b63af0ce7b2d23adf644a82caabdd651294f4726a09dca83b3d488dea

SHA512
639100d64ea8d4efc39458d78921d5c25789aec39f037b4d12cb0790256db2e97f577f50bbc58fa269dc82999abbf6d8fff7f704e9194bbd03972cffbb3ae828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5006b55bcf8274d5943d3b3ddf12435f

SHA1
dde744c6cdbb49414a77e343979a82ec20807f84

SHA256
30398bb2adf6e339557a01b532d2f014ae98451d469b9c4f6640333ad7f9eec9

SHA512
35ae8bf109ff1f17f2ef549ce7c16416803cb42e75530aa51b6c6c3c5195ccc026486b8d290a586fd98dc7fea862496afaea64c0f7ed7e99f6f6b3744594b949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d58d9e9f4c7334daa09a43f7954cdc8d

SHA1
afcb5e9c2e6735bda3462da6b5c4eb0ba315ae34

SHA256
d5c2059d17c0672b7a9b92ea325566f13ee5e67f18d86c180c7864241b3ea223

SHA512
1c8f1afc61717885f89b907f324c660ad1a8b9695f7f3c020e5bae2291e1c78731f03e87ad1c69619cd536ecafec6ed55a3ba31d19e67cb1388aebf838068a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a3fc2ec494710d6d53ed9a6df70a9a8

SHA1
bf75d26b34f6811bf64331e45246ab8d8989756c

SHA256
f19e653851246a48dc7112204312027c8336f61eb94d5ebe0771ae1c727a541f

SHA512
6a197726a13d6e11396e4290977c2b29dbe885a91bee9b5b5b2d5a0a51c731cfe7543844a022702b49e488f7efadbffb19eaca6b094fa2cf40e1d7fd442bb555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5b3773c5c48895501dd93fc67526f6f6

SHA1
6a39e250309ef57b062bb91dba599a7bfcfd02c9

SHA256
f9cfd23e1b8eae6d2b2334b0900f8ae22c3c9556a63ea561fcddd6b66afbd04c

SHA512
aec0eb468402e0383d5cd664dd9e16309cdce0f6d55df649f2f44245b7d54c1adbf09bebe9194c1c40401dec0b8bb51fee6b4e1aca02243fedc16a1c0a465c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b0a8d77d3d4dca506e860aeb66004a71

SHA1
a663e2a5acc2dfaf8c45644c28ccce8d8c4aff6b

SHA256
3d422d24aae6f382729f3121e826e9b9fd56327657aa4bfb62e571efb9bd94e3

SHA512
3ca9913283f27dcc788b1569f657ffaa1f15bae8fc0280dcfb7f16cb8d624f0672d9b82e86140f1cb5d97e03e86257d9a111422aa65e6b514f3558e262a79f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
edbaa010b73dd04d0b0b14005915ba26

SHA1
20f681d8cff489c9b4770993643f59d1313e1dce

SHA256
80cdc49c46e94e631a4d48f55bce0127009ca49b647dd41443f9d81f451d1b25

SHA512
56ab3c079cb4c224a1aceebb8a2a7c8fd7ea054b8777c4df0fbcbbba7a8a43946527c3c564935aaa05728bbc15fbf38430eaada5f0d3e4b2319b8f1a4acf2abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
905f3b4b6577c80214689d83dd31714c

SHA1
fe5a67d3887a224bc07d2aa1976376cbb9f2c8f4

SHA256
0ffcb44e2228b7a7b0fe85e80e637398340c2470721024238ee472acef7345f7

SHA512
fb39bee7ec51121dda36b7f8c56c5dea407ed2d2f386e2816a90c7c9b5ea51c8f62a42eaf036b3a0bb17f31cdbfaea62ef4bbed5c08dd51b14890dd46bc7b677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f73eecde58f8777502cd56375b22ce6d

SHA1
e46ada343976ee124240a1963076d079d645e403

SHA256
90a05ddaab8baabe91276ff226330ac3956f64a96f1be5664259cbd92c2fd2fa

SHA512
33763fa5ec9b12846a0809464dd8f850350a9e8047734e3110b59fc279c1f91467a839682b4a28ae460c6571d1ef131cec44b48be838626f381743f2b1d4af2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d057af133cdb96376bc15a1b1c4e875a

SHA1
1cacecb26ef99477ab0f23b222dbc66e134c9d20

SHA256
48dbf97ad6f201d3cd872ab8f05a45484b3fada1fe35bba1acfbce428a719336

SHA512
2bc0e1aea7b171c53e94c1bcf0953fead5e346f34d9b973e4c40eec0b91806efb805c164f96c1fcddad293fd5c0f31434d2d9170118838efd0b00febab8a3a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\4e25d4aa-8837-4fef-8683-8e7978b21912\index-dir\the-real-index

Filesize
22KB

MD5
4ca552ec6529871b89c8021b9a594624

SHA1
e5199393a205a9f794804e21699a7c12135a3e16

SHA256
0d59b46c81a617028ba12a80273021c4d8b4eb33b04f1a9f872db6e4fdefc873

SHA512
b023e8f4f41781ae0431fbb02432b486506bdefcfa321b9ed5a1b047f37a43681a1663708f64992c4f9309d5cdb7b446d1314f7fabe2adca5febf61fe4801189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\4e25d4aa-8837-4fef-8683-8e7978b21912\index-dir\the-real-index~RFe5933c8.TMP

Filesize
48B

MD5
734466f8b935fab5b199812ec15bfa49

SHA1
087b0213f6dd01b678fa39f86f5e5217b740c600

SHA256
0c2836a960cb9299e778812d751c26c8e7c5e90debf94341b459189b22849d80

SHA512
0411ec17f34489db2c69c699f3ff78918927f1bfb6726f0944aef0a09adc961c3041c698ab4863ea04156c3e8ec780ff72f6545d3ad702ab2d5c0f35768dd3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
260B

MD5
3d6dbdb5ef4f23948984c1abb0a007f5

SHA1
ce5ffb5d13ff75a852cff28000a70c8bdb23ef6e

SHA256
dce33d114ffef152c79d6320126bdf8e1a3e25b5f2da3cf50fd38d8743807f9e

SHA512
568df1fd1575e9035cca7748d1de4c2b33283b891d9243cc58c0acabd696c23ee3bdd03b2355b944396932856a6bae168096fb247b4af48c0b671f99d1ad9146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
257B

MD5
9878f9e739ec879c4c71108b736930b8

SHA1
7b4448e829512d241569a9b010f80b273e8e64b6

SHA256
be736ece316ff128ae657e5663b0629ff5cf28dafa2ceeab6b78e7887fa7e76b

SHA512
512dc6e43f83a08c85c8edbcbfddf4a1f00d96dbc8aa1113f26ab1c36d57ce6c67ad7453d767f0b0db20cb55fccca3599d3cfab031e249fa2267cb5bcb251065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe58b224.TMP

Filesize
264B

MD5
80b08635dfef338a193c6f53bd069ddf

SHA1
d7e5971fbccc1bfd2d674a7786fed36c3527c2a7

SHA256
6b1b7436f31f5e07bc4b594943e620bfd08fb44b61ba680109edb2f8d43f4f26

SHA512
839aeedd43003edd43aca665d32d8b0cabb9b00aee70cf2d938b8b5929c5267f612078a75f310d9aa2e9b6e3bb2dc25ae9e7491403dea33aff9eefa910b7d9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
596b676696a04f8c440754b59a2e384f

SHA1
19c74ecd465dded76255b705d6e8e5a437d524df

SHA256
cbe0cb426a457a2a098548127a04c0443dd7a49bd3aaa2dba087f9d204064d6a

SHA512
464390213a9d0056b27da6ca1449e1065ee099a1a7d37266bcfdb2f459eb5f21d6c04e6b315b1e2dd97a23d5fccc207778639f18d7edb49be2cd3d961c82e278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b1f6.TMP

Filesize
48B

MD5
f504e52950f4e10830778ec09a5ed278

SHA1
c9230becf571400a19a06d71b8a1918c65bbea5f

SHA256
0f018683262cdb5369675873795d07f2e73d4dcca2e8db22d024f416cd651939

SHA512
18b3316c742fa0a153571b23f033dcab54dad8cd3c4229d39bb14bb8b895aebebcd8ad367cc29a959b1d0117354c889b9c75bf6195a1a16a4cdbadf88438578a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a3d9173594967ba842a9ec39b92d4540

SHA1
bc8b60e2c1d6999fa87b8a1233ed33c26128045e

SHA256
449d93c1b4b5bc1c0865f9333590f240e24a50cb11ee2d604e36af974f725215

SHA512
3cd2df9b7f7ef6e23d294a13581a5a5fd254e1f7d2388baa7cf2c7ccb2541ede40631bf86877de9b5877ebe3fa46919da1a4d149ed08e32c65fdc1d2aae227a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
a87d8fde981d9d6790191acccd4e63ce

SHA1
66cb93c089ccb1bd8777f8bd956c6125b1030489

SHA256
bd2bc060a14b22166ddcffde71ae14237f6596e33e206f20c423286fb24d1a64

SHA512
e421a2e06cc4217c264f6661b78847bf22e5868ef5f71fed4e1bdd7df961f7c68b2a5db90c30596902bcfbee852c8fefc0fe15ae9782e7ead08f4c381adef267

Download Submit