d5377a3e70e12ba94b6303cbe29996a61a3ba0cc0c0dbe666eeb22e329c8c081

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

12KB
MD5

4395f2a3d5563230cfea9b3727c74548
SHA1

0f201760ad9f457c2fe65a4a454b8f7dba151e3e
SHA256

d5377a3e70e12ba94b6303cbe29996a61a3ba0cc0c0dbe666eeb22e329c8c081
SHA512

d45e293358163ecf3cb520d2ca2d3b1050b1fc4b8fb93635a69a125a6ad098e47a227c1d037d7ea8622ee5c2b6bf7bcf41b0275619cdb0a78f9e4171ab793780
SSDEEP

384:v/VFHxC/F8gvW5V6oQUfXn25OFqNUlpL+U4+VOuu/XrCUnXTlpP:v9pxMF8g8BRXgG9pO2vu/XFxpP

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624298253879637"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2184	chrome.exe
2184	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe
Token: SeShutdownPrivilege	2184	chrome.exe
Token: SeCreatePagefilePrivilege	2184	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe
2184	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 3900	2184	chrome.exe	81
PID 2184 wrote to memory of 3900	2184	chrome.exe	81
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 3408	2184	chrome.exe	82
PID 2184 wrote to memory of 4788	2184	chrome.exe	83
PID 2184 wrote to memory of 4788	2184	chrome.exe	83
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84
PID 2184 wrote to memory of 716	2184	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd80ab58,0x7ffddd80ab68,0x7ffddd80ab78
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:2
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5084 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4488 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3596 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5308 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5172 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4816 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2292 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3984 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5656 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4772 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5044 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4984 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2400 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5040 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5892 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6128 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6356 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6612 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6328 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6836 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2848 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6412 --field-trial-handle=1972,i,295529520239287786,10530364645749009825,131072 /prefetch:1
  2⤵
  PID:2916

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
143KB

MD5
ea259f8dadfaa76e9a64b33416ea4aa8

SHA1
fa9f9471326dcb11d75df916a324ef6572a18baf

SHA256
fc2294160436e42e2089b2b28a55141363e1eaaf4570c1bfca363a2a7804cdc3

SHA512
10b0cd2940d1327ac3e5810409dc57291b7cbee91fdd9f07b5c5a956e399571be2e452523dc5d62dedb163e89361bc1e34f13e5c02d4583728f35e4aef9cf182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
148KB

MD5
caf48cf8839a0c3f6f19d44be7345163

SHA1
c7822454dff70341100b4ebb86873272426e25da

SHA256
ca917232b3654daf69a7cc70e5d127eed6708e602cfb77172990cc1b9af5fefd

SHA512
dd94b801e1336125bbe56edc206efd405b0cdc391b119087c40f27f0c7a5ae97425cae6335025c52a4c0d242e5ca64ea620458f33a36eafd7b759c4b8bbbb4cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
191KB

MD5
8f7ce0fe47fc251978f9c9ef19b02382

SHA1
8697e843e0ca5da6440d13d862881a2d8a8f0396

SHA256
01c10fc6d98de3c24b94f7a141e25cde03912c1e73317d9ecf7a84295b76e5b8

SHA512
3bbb86baee545723f6372d578ed9df7e0b02055835e72920120f9864adccc955fbb034c481c517cafd3e052f8627c1e3773c5d0744eeb22af1adc777b8cad545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
28KB

MD5
e0f2628c375fb82e401736ede2c2d656

SHA1
a17300917287287aa528f8d30eb2b9268a54d49c

SHA256
4591d97f8d7a2ab296cbe696cc68c3ee80b7272a05e314537b94a15993d68124

SHA512
c9dc8374926063bb1e56456b7e176a511cb224759855d7fbbc0b3a70826b4cb30031308b301f6da1bb585bfe2483dc021789cf51e50725a85889b1ca216bc790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
144KB

MD5
15a833e358fdd43fee23febf163f23a8

SHA1
2f4c48c9874c44b9c72fa126489e6076980e8068

SHA256
3346f3aae3e9711090505b57c765dcd188f6b11cd106a3c6f4df96a894416a23

SHA512
d7ae20e4a771c18f26667f0e9ad2d5712ead90c802d482ed356228db8d0ea6c8e6e59c2b5ef287f998b202517fb81565bca7d51c204e9165ab44f19d40ad41a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
19KB

MD5
3be2e9c4c58e18766801ef703a9161cc

SHA1
cbdc61e9fa2bd8c4293ea298a8aab94745e57f2d

SHA256
1c3f11c5ba6d3d5e0e1e88a3de6c27a16df13833470a19c03b04fb2f99dd5d57

SHA512
2f1a71f1fc17e79ddc1c0ba0be697fdc1641ee38604bd0c424b6ab702f008f9fd3c57f22ca959cea1f1de368016b258027190c279637ae8838787be366e40ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7a45bf1c2ce285983271684c3d3d966f

SHA1
243f65b03b5a0808595c06386ee11fd35d7e96ac

SHA256
647c64c2eeafc4d45676cbc4b81bd21407003937f91c9b2bab08b405197db1bb

SHA512
e38969b4a013a7fc7041cfcae87b955efd0c658b3d8580b761304e79f4a541e37dc655924fb36fb2973e962b7a2a558c86bbc7b18813523f051fb5e5703a35c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
ce902050693b885b9895ccb6d32c1475

SHA1
931a1b8f869f00fd2a71403ec03f5ebf2b213a99

SHA256
dee998ce7ba405569cc7a06969be6a21c176571a6d9cb7b99080b19c57146a7d

SHA512
eeb501b6f2226574a8fa97c423a2b05278a793d22c5a24a933797b9ecf52ec313846a67451fdcdc7581fc3f93d2e5f8c1b71e1a64ebba569414d5232d1d10139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
8a98b4eb2e0cda503f4bf76abdd6f3c1

SHA1
db484921b31802368c813c925ad24bf7897d74d8

SHA256
52c51d2384f9b5dc1d5031ce046e1488bb5bdd774b47d102af5c380ecec98226

SHA512
43418d6aab5a6297dd2311c17e74f95ceebb5bf624ba1fcbc0a1ce6d3c9a08a7b67d68e701aa434a09fb3ff60e82511d584700e9067552e33d6d00d8ac4e0888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
af5d5c2925cd861b061e629643dbce7e

SHA1
ca9c87440769d38f01fba950ef6aacc6dfb192f8

SHA256
827169521cd17a37ae1e6f15e7c3cdb1a8d8a3e3b1d7e550dafdb1189719369e

SHA512
b23fab8155513b34a54780c736a4e54add1984f0592061e080b5a74501a8e0301d439c4a9179602a73a7b95512a89c16605b5df7e20c4218150f5b37897e54af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d77b795e1a757377d28860cac1d7a089

SHA1
8a8b679f02dee34fec48a287aa1dc5e124db816a

SHA256
ad37b54b8ca256e7da0b4e8188f5283808acbc77a34b428b97109d67822a8b49

SHA512
add7af357cb92307255383c82e5b5063accf4cede4d31b71abea808ac3de4f5ce44f08e5824865d5e355d6d011877a433eded4606e82868fda09e24f4c03acd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cee56fc3b88c529220a024969d87e981

SHA1
37e8fdaba01688d4424e66a1cac26a2ce771360a

SHA256
5064f1422424f407e86128265a4f3e2e3ded7629f663c1768ea30eb637d4f975

SHA512
9954e00a5dd80bc396c7d124694da954ce7eb215292aac5f1475b5f6563e28057f64ed23ce185cda823219fe6b90ef228164a21e15d66c1261d08682ec4acf64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ce2c1ae23f4a56712bddb558b2cf9b4b

SHA1
379a1791c03a4ad27c8080a6505fb434f962ede5

SHA256
f02558d7322510f2f3330a4f571db0583aca6c397c944ed60088ff77a14a01c9

SHA512
1ff396f7ac2b10fb245248b7b1cb820bbf782ac220834887f1b9b598edf228d196c9e96b54e4aa356df0b0a6beeff563c9696fc75768559d9be0f6d3bd7a7f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
68b2112e0d220ad000e6226f1d8f0dd8

SHA1
c9a4ea47de5dc8ae4363e1e88f34cd3f3829ba61

SHA256
94d8260006b0bf3ec54157d9aefe9dd3635a810ab2b8ddd1909515eaebb409d2

SHA512
7246dc2881aaca409eaa8fad0b161a16d4176cbf3e4a293f61644300ecc0c32f9c42f36d28cfb3438a0f7639b5deca91c28ba687b03a36210212f725613c209c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7e05e17b3928c6ddee6cc1cfbc1b2c5e

SHA1
d6f4a038647b1bf050d8de4a5734c56d8d125468

SHA256
da817922735350913b642d9a1e10e7f8e1c415f044d7632361c6b4ec4334e0fe

SHA512
a8bf0a79059bf75641600136cdd119de384e7cf38beb77f6f0d6772d317eec04fc15288ccfe4ea4f5534db5bfba475040702bff9786e5d254e82332d1d425d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
18f622be08602e4ad83800957314b42e

SHA1
9f79714f14910547d4ef1365d60181d82baa0313

SHA256
9313b145ae365782b63daccd148e5974e1c450767dcf29cc8a982942bb2cd686

SHA512
97fa3f3bbfe610fe9bc125fd6e32c4391af7027dbc63ad722e09a3912252e717004dd1c045cc484f5a1d30ca2cb5c834a1d1f9deebb2232ffffa282f5d6192de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
118fbb9f788b5357d661c3d59892c3ab

SHA1
8911fa0764810899f864347d651d417124885e97

SHA256
c0d9c9c46dccb1c798911e74fc69be9c299a1e0d8e6b6156521eda2f7c0e382c

SHA512
a0abc3003bece7b730609f74cb03d25cfb83f02290176af712f4868da5104e47cc7051cbe8f8e473e10a06361dd8e5a34b4a295f909b65be8fcd9d25a49eae98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
0123ef67001d5a4ecedf083bb1d7f48f

SHA1
df6ab749a3d068d51c77a7c2be961b4feb9f6753

SHA256
4c2d2d48a73fff7d204b091554d467c166926a9880c1202194c7c518481cb943

SHA512
76f0ca1c446a48095cbe19aa1566f8685908c4d5af31baf99e13fbc1a18bc09d234af6be0d4aa8c6042f9e4700fc19ab81c4dacc030fed953b38633b5e0f93fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
857ac89e187c170cfd5fbde2f2474a55

SHA1
80f0aa74936510ad01c83e0cd3fa2b7a45c2deb3

SHA256
d5015f8f1be8133226bec07d0bd15f2af8dec44d455f55dd757689851f714dc5

SHA512
3b7cc373673a7843b2f1b97521ae68904616c930b2d062df82bfe639fac07ccf7bfc3c312a0285e75983be3c0ac170d95892a1e5d171dfac74af3f1fba07e9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9cca12d10e44b936382ff4e8da804c28

SHA1
57e502b50ac8b699af84ee116708370455f9988b

SHA256
7d46d2da22f47ec562374e4fcabbdaf190681c0eb2e62afe5430b241eef06443

SHA512
c9fe73b21a34bcb41d7e8427d9bd7a2e8cf29905ae12f230cf6286c7e1169a8abd180b83519a01b94f198c196b08bfe3ee70fd8cbeb8b05472bd9dba1a139105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7d36ff23f85b88d2c124a311366c1475

SHA1
ebf2bd75b2c2c4a55e4a6803ea6d3499a8f23855

SHA256
e8e524b3b3a415b900c481e21f6b602a8cbc45ff9f73a037be1454e70f7ab4ea

SHA512
c000762db0914e61817dd7c5c86bf6eb9d0783c6249e97052967bae0f1f4b4f41ae18e4a2a3cee9c2d5ae567e1d847d07ad6ddc3a82060efe65c8a10b92d7cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57df92.TMP

Filesize
120B

MD5
52fc56727e116e5de6883cb9a90104ba

SHA1
5208e4ce9b5bc2e867c1e2068b84590ea4578a56

SHA256
7332e3234fba427357fce68efa271db2d35d638f89aaa68f19bf1986900b3cb7

SHA512
3b8896a82af269997187ef6e34e69be08f35885c950a74baafcf503e643a6e81c90fd2a555adad8036b04a85d36f115065667cea26d3c99936f28f4e0e2f9ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8e331727a0cd9a85c98686f80ca36f53

SHA1
4b3d253ab3bfacbfdf26a2327d04eebdf746e5ff

SHA256
6e070cc0a5f8e981166df4895aa542cfaa17fddba9089cfd9bee2b499bb0cc88

SHA512
fa30d592843318a3c12f861a20f404c9eeab63757eca682e458ecbece3cabf77ccf1e99aada81fd66400a749825c0677bd7c87d50c29d3cbacd372217a6ee435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2a21d38a470d9b1502680971aa3a9d82

SHA1
dc5663f7066ca09643c9e5ed56f3c6bcbd951bfc

SHA256
48418986834b806758eb4045de33083d3da9a6aad43fb53815694d53e19c6141

SHA512
52b80361e7827b6c6214ce30f70b742e7b2aa275245f6b062cc6c92250ef604b936bdee50405a603e920ed50005c8d28583aab6522c2179f49aff8e3076e336e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
9e50424391fe05b87315e601c7af7b49

SHA1
429814b0f5801438e99d8596bb86b2d4add88f6d

SHA256
96ae33fd32e3eae983b72f565e2b19b10a83f7bb1abe4222c22625e244ad652c

SHA512
a811265fb25b9565e1aa46889a3878552da4ac43a1631be72cf71ffe86db3d34a2734535628bde4f09ccbffb998187d5db957e9f55a3d9997f6ddae8b3dd9979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583c58.TMP

Filesize
91KB

MD5
8148f438f2eb41f92e25f4a48e4186ac

SHA1
9ea4a355f403d8491fa0caed5dc14937d4da505b

SHA256
bfd384e1fc135e72e15133fa569fc950c0bf31f1f8a9b834affd51b7e4adc4f8

SHA512
76c24cc23232b26b29b7e93b1ae5b4ef483313a3036e693635dfacc68a2638173a637350d9aa22e281915f62471ef7935b2fcc762e34b4e1eeaf18c4606dcc55

Download Submit