hxxps://www[.]google[.]com/search?q=Army+Mobilization+and+Deployment+Reference+2020[.]pdf+&sca_esv=84adf72e07b86e49&sca_upv=1&source=hp&ei=GmSOZorQLLf-7_UPxaKn0AM&iflsig=AL9hbdgAAAAAZo5yKmj-Ka5TLG5pqAgqit3Tkji6REzm&ved=0ahUKEwiKxeO3o5yHAxU3_7sIHUXRCToQ4dUDCA8&uact=5&oq=Army+Mobilization+and+Deployment+Reference+2020[.]pdf+&gs_lp=Egdnd3Mtd2l6IjRBcm15IE1vYmlsaXphdGlvbiBhbmQgRGVwbG95bWVudCBSZWZlcmVuY2UgMjAyMC5wZGYgMgUQIRigATIFECEYoAEyBRAhGKABMgUQIRigAUjGhgFQAFgAcAB4AJABAJgBmQKgAZkCqgEDMi0xuAEDyAEA-AEC-AEBmAIBoAKhApgDAJIHAzItMaAH5gQ&sclient=gws-wiz

Analysis

max time kernel
299s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=Army+Mobilization+and+Deployment+Reference+2020.pdf+&sca_esv=84adf72e07b86e49&sca_upv=1&source=hp&ei=GmSOZorQLLf-7_UPxaKn0AM&iflsig=AL9hbdgAAAAAZo5yKmj-Ka5TLG5pqAgqit3Tkji6REzm&ved=0ahUKEwiKxeO3o5yHAxU3_7sIHUXRCToQ4dUDCA8&uact=5&oq=Army+Mobilization+and+Deployment+Reference+2020.pdf+&gs_lp=Egdnd3Mtd2l6IjRBcm15IE1vYmlsaXphdGlvbiBhbmQgRGVwbG95bWVudCBSZWZlcmVuY2UgMjAyMC5wZGYgMgUQIRigATIFECEYoAEyBRAhGKABMgUQIRigAUjGhgFQAFgAcAB4AJABAJgBmQKgAZkCqgEDMi0xuAEDyAEA-AEC-AEBmAIBoAKhApgDAJIHAzItMaAH5gQ&sclient=gws-wiz

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650959530838235"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe
876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe
Token: SeShutdownPrivilege	4664	chrome.exe
Token: SeCreatePagefilePrivilege	4664	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe
4664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 2356	4664	chrome.exe	83
PID 4664 wrote to memory of 2356	4664	chrome.exe	83
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 3900	4664	chrome.exe	85
PID 4664 wrote to memory of 4784	4664	chrome.exe	86
PID 4664 wrote to memory of 4784	4664	chrome.exe	86
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87
PID 4664 wrote to memory of 4484	4664	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/search?q=Army+Mobilization+and+Deployment+Reference+2020.pdf+&sca_esv=84adf72e07b86e49&sca_upv=1&source=hp&ei=GmSOZorQLLf-7_UPxaKn0AM&iflsig=AL9hbdgAAAAAZo5yKmj-Ka5TLG5pqAgqit3Tkji6REzm&ved=0ahUKEwiKxeO3o5yHAxU3_7sIHUXRCToQ4dUDCA8&uact=5&oq=Army+Mobilization+and+Deployment+Reference+2020.pdf+&gs_lp=Egdnd3Mtd2l6IjRBcm15IE1vYmlsaXphdGlvbiBhbmQgRGVwbG95bWVudCBSZWZlcmVuY2UgMjAyMC5wZGYgMgUQIRigATIFECEYoAEyBRAhGKABMgUQIRigAUjGhgFQAFgAcAB4AJABAJgBmQKgAZkCqgEDMi0xuAEDyAEA-AEC-AEBmAIBoAKhApgDAJIHAzItMaAH5gQ&sclient=gws-wiz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc0142cc40,0x7ffc0142cc4c,0x7ffc0142cc58
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4476,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4972,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4964 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5184,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5344,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5148,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4932,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5300,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5164,i,978057157003701156,10330054194446567042,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3104

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
648B

MD5
af9fd40a5adbe99ceb4b561a7fa98209

SHA1
43deb0f49134c4bce9a9f3bfaf456feafccb568a

SHA256
4be691ae078d65e32469dcdadd0f390aa8adccffeb097cda840cf17c03409eff

SHA512
4c43308e36767c04adbcfd1811b1cdc7229582edaa9e157c652acc3474e1e65258efe1d5ed9398f98aeb43c5d55defa419cfb7c11f8d5c3117a1da3c97fa04cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5ee3f816704fda908f197114525e1a3a

SHA1
640c1760a296bf991b82f8fcd4c27e6488dbd34d

SHA256
743a0563cb9a9a4252d0ff87aeac93f4b4e8d38921b82c8b67e7e5603dc3e5dc

SHA512
6a45b565293ab2329d2acdd66525dbfb675ea4b902ed96f94ced4dcae8846b1c2c4f6ea4e215ae74c0b95534b9a27fb31e26915da698a3281f4a4dac4deb03e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
59b3fe6c50ed1c86c372c5d15befcd0c

SHA1
6494acc6d2646868c8744c299a2c334ab2f55810

SHA256
afe6c69a15293c22fdf5803c7b05efbb01262a79fe63c98314d40aa91f93a4be

SHA512
00629f485284d14c35617a6b7a2d5ae6b2a9255fa46daba2d94316f9b8f93043da56412bd5bf80b9118533c1992731acf90b381dd795fe6f8ee71381adfcb218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d4f8417e3c4871550930c0deaa6dddaf

SHA1
7be7657fd384867543ebcebb7e56de6d8d3d90de

SHA256
19505cbde449f374359f4c999458785ef69a9c746b619e8d63f6c70dd2363b33

SHA512
c31042219fc82c817d9de61517b51668aaa5c1ae18e37614f24dcd17ba82ac2d713eb27d98dc9825928d3c259800cfedf78c4dbadb314054c1ab2f3abf9988ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4a2f195411601a5d8a68616106d21158

SHA1
082e3ce5b28216c5270e6a5d674f4d205fece8ce

SHA256
b9cad01e8c1dfb217f9353bd6f6564dffd53d2e741138d9204b90880e76aaf56

SHA512
c62f5239092f59c3c733e9c88a29a8efda93e4d5edf729e4e568b1010725d35f03cf20f26228c9faae17963364a3077636de1607f6f969f2caf2187cf5e605c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
63088f9af395fc8059ca07bd15b4bfcd

SHA1
c8e93d5299e64355e20f06675e7c260eb4ec7ce5

SHA256
e9e406d21383fddf3c328a5aa0f27d486bc16d43886bdc01aa599756c4ea4bdb

SHA512
c6768f3ba6d0767b7bd0fa31cdc2825d4720383028fec4cd6b53c1ce520347bb8132b24013f786a53347018883f812568631a59d1e981ae608693dfb63e2926c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fcbfdddcbd461895a4b88a1b43ca283c

SHA1
4a230807a4068529c4e50722f39c7e13db1d99ab

SHA256
76b764dfdc91accac4ad7414028fbaaa4b417805b1687ebd838ff591481f67d4

SHA512
d27edd91ed7a96f56f60c7d7836048ae6649583c47bd62644af1c58f1bbcc807b3745d734f9d5be3cc4fadc66a44234dd1afafd64635c5e803cc475a1ac35671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dc887747c2a2b48d038d710db988403c

SHA1
201bb1d88a65c341fbdbd705dbf78c86580ad504

SHA256
ba4e9d4f2f790ea8ee7820fcfe46518c0c36dedf16a51b42bb218a6f10990dbe

SHA512
5bfbe26e0008c66d88b35f65fc25bfb9bded571266127cd67930091797aa937c27ef0c48da9532789e3bc441792072f5ac1fc2029567d2c1fdaabbaa459af6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
83a99528d01a2011a96ec433be45c31d

SHA1
efb47e2c26f57c18be0276e3947aa718a415bb60

SHA256
d3a68f44e81f996695672c62db637093aa5710f84090bbae5b589b48cdad5be9

SHA512
807725b499e473942ae3ee30e3be75520b87c97f2fc6e0434bc4e37149b472363450576568f8ac3cd4d94bb2549a186dc60ae0d38929afd4bdbaa98a15ed1cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f68254f46b9b5cd4f2ad19295a01292b

SHA1
3131ca306b2cb3caf07fbd3efccc38bbf91cea20

SHA256
bdee8520dafa3ba164008e4e7228981810910a40630a52863a80e1baa55868fe

SHA512
262e8a5f3f903c9701214f9a3cf14c79e8a7b18ad6ff24c990a7dd23463591db00b619213e283371399bf8d7631b01a5f27e7167bcfbb0a04a7717f071bb5e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77e38f2c4364b76afe2af5e94d742a1a

SHA1
09052220b20694620c8bf415f0207f8bcddb83e9

SHA256
51bbeb55a440362745a9a8a2931b5054cbbcb50b909901ee79102352fbf08e07

SHA512
136138d509d7d1fc82c25fbdad702396694b0b5ae189fc0834e822c7257afb0ce53a7018e453189add4c944a5a6eb416cc8d3d132c5a566d9d4090743000924d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0197e7424d00c7e094cc1d4247aa3d97

SHA1
7efd5b978f14e670f56b79bbf0fb7a563d24108f

SHA256
7b27937d08472fcaca157d37ff15ba37fe030cbbe4b310489760b56e8c602187

SHA512
278c55f28eacff31064fb08da2581f4ed37dd19baebf4abfc6c8c4a2a7d96b6ade38c41a62261423778d373b9cb8da9485e255a3d8a695911b046e0b8fbe25b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5a350bf901c19486c268e9f47b1fbb0

SHA1
9414058e30fc519e14b69bde9115c0e46a42dd2d

SHA256
027d1371873895a9ad6446de76b78ddcb018ae450eccb8d43dabd1dbb026d9f1

SHA512
c5e43d4271dc4787564717f1a108f801171a7e01ceb9a6ffda213598479f4c3dd1fe0c0d773fbafe035e0356e97815979afe2895a540164f7c51aef6c21f7dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
456b970cb35fa25b3379f4e20f01d5bd

SHA1
f62bc5726541e2692cc3534dacb8446390dcd956

SHA256
1c716521e0227a513c6dee5745c881a7292953cf5298d2d45ef9730204cd6b32

SHA512
de7a5121507d2da7a4ba2fa0c68cacc21bb0830dda74969905e83f46d9dc4920121e1e87a825854b7fa83b509d4e97c75dea1201f29e5d64a3b4a67e1e4e7bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e8be89a6cd1961d0a9987368b16aef6c

SHA1
7f91046b09f511a0f390e7663addc78c90842d7d

SHA256
dd6ec046ac05b7b58d08f9e7303418edc897e7378c9397b922611f62be1fcd21

SHA512
165c7def8306444873626ddfea9aacb4e861ab07f4b1d58fbefe4c113393a63ca1ef958b1bd5960a6721af8a36681f3c8ea3501934a194e4898e6eab3865a123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d6743008d002580848d991c32e8d5fcf

SHA1
964a10e22727bcec671e1d731946d8228bcd3c0b

SHA256
b5272b38596d1614b90731f6c1ac713914e4d44024ded017802e6bc54edf4c6d

SHA512
4ace0a563e04d8e6a6c1cb6281e014fa9d5048cff13a8ffdba3a0d5faf19e74fcb45637911c21ce5485849fd1d0e98e94e9a3b71d82162a7ab04568cc076e67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8335d1581c37ee9d21091bf8cc29f5f7

SHA1
0fe8eeb3e1887c468c2ca2875d85dc1413b41128

SHA256
98db625218017acc66072ca848b67230478f550fbc447f22c0ef982245729192

SHA512
74c495cc4fa787464454ebcb1362064afc5c281cedfb6ef4cca7ebb009116e320e93e07266d6a917306bb7306dfd039de2d55fad1872c549f2541cd4ea321d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
34a5fdf1a7eee50f31829746df16bcbb

SHA1
08fbca61dd709d988491ac3c17cd765b567706ee

SHA256
047d327dc3910fc1cc2f428b22738a8d9fc9287f7f3f6f1b1d16259d66c75095

SHA512
aea7888f1333f6a88dc3385381e74940aebb8bf7fe042c2e85e8237e56aa2f58172dfb5ab3f04cb0f4bb9c696f24dc78bb317b185b0b4bc80f744fb8840bb48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d780551625cf71fcb6d0710fd9cb596f

SHA1
7de561d619003f83b95ba156d198db04dd24bf6c

SHA256
2d72e126617836857a4bfa257044c0c4e798e2f833294c777f6e5749dfc3b612

SHA512
149fd7c4ee9c91dd9f8fd30e6b9eac215477135f6de08748524c40a8d4ae381a4dc4c338f9a36e0278a4f968a40dfc1b2b3e1516145f94f1178e5330fe954b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65f7b4710732f4e57d303f6cb72eba11

SHA1
db5d8b25892a9bb6b842e5ebf0e5efdd0cbae656

SHA256
b154bb4dedc5a97011f003848b88f5e471ff62e2670d703c40bc0913664d82af

SHA512
51723483f1c91dbd55619a754aacb8f9b25905c978f7f83790d8167ef7bc60276a930f1f1d9a4b9c3f25bae32dc20d21244e1e73c7c516a1025f290dca5c5298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67ee8acfa830dcf96076bde9c6a3f370

SHA1
32fd2ab11c9ddcf04705410fa90c708e7a6285fa

SHA256
613d6f0eea18495e0c9f022f22958098d7fdd7c9bd8fa3e458fb1706002e59dd

SHA512
11b91fd27469240d977351c0ea81931814560a19490145a04101fa0f840dab4ea84b60a9f5da0d949a5847245652fcda7c79e6d0e33a933658f60042e7d10577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe4558aa09c9a247fbf5da43676fec90

SHA1
7a3cc1dc8452a3cc0f0c90a0dbf910780519c1c6

SHA256
a182ca29d0ab683acb23a3dfd4a65d20010c11f4c8c6338c4e640aca11066970

SHA512
14306ebe7e538c42c9db4ef9e5a9afc978e39fdf2547400228f97188795ce3fa359f40eb3201d9997150a89bf1b3aa99e7c37f86ab6bbe84a3bf145ff9220e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eb6602e62ffab5560b5d1ed7f9215ef9

SHA1
ce9dd8275c675c3d56b233b99bb70010743392ea

SHA256
88ac3c1862eef4b84c05d01b4b067bc5d8681b32568221ab221d63b6a260d118

SHA512
b81a11252c0a5d5f366eb7921633cbec94623f0be7b8f97cc2aa5536895baa9b2521eeb97566e54d4371e8244876799cbaabaf245f14b153b553ac4b5253e2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4849ca5205d2db65dc1995507c6c072a

SHA1
8c22e1d3d9d813d444929ba3bb783f11f4089f84

SHA256
94b8ea1e6c66604aff164b1fa9017a0479f1b1408af97cce8b405a2a62d4ddd9

SHA512
fac311626cf8afddded4126feca2eab3c0a86dd50a42b324a643a60470bb8dfef81560db5c8abf27c028dcc7360c6aeea40500899f97bc70a41ac0c2ad18ebb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b2570018a2bcce5c571a4cb817dc2ae

SHA1
a7e7502ca341dfbe72c91c38cb0ffaeb0b7e224a

SHA256
370db8b5b37481d6bc92b9b6eef5ab02cc0fb11d5683569bec9bf88eda30062e

SHA512
bbf36af8e8ce32b3cff9fa30018cb50d899a75e651d6de91243cfdfce3a4db517113d15c9fb1d2770c20bf4519f214053cd9d34e566a251567b63199ea6fe75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68825e0862b7572ec05a060243c8f3b7

SHA1
409eff63d94e023bc58e600446696acdc131619e

SHA256
6f990dbea3d332a3919a11ed09bffb0eea7a454cdb949aa5f22e6c8182f02189

SHA512
6c03724128f9afa956fac7090e6258e36c766cc6083d07768711dfcd4c38d4fb3eaa83374a9c4e6aa0be7d643951a3316efa7fc000de8a2a36da8ccda0195cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bdcd115a1823f30138e44df9f96bb4af

SHA1
09814722fe91944895cde53e1bee7f7a17e2d887

SHA256
1cc53f2a4155dd8d764898e05d1bacc894eebceebde33c28f7426a26fc866679

SHA512
62adc17bf1e26cc64d2848511223d819dd92cd1becef51becc9cec3b4dc72db3cb69a8b2f6c7454bc2417062b43e68e3879b2b0407718356b91464be6f7dfa98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b8b39a2bb6dc4a33db9d6e7cec60774

SHA1
78aa1eb5465191059887477a95d3b557a3c9d35d

SHA256
cc91ac7e3931927bfdfefcd7e850a0d3998924ebcf0db2cbdef52452cf7123e0

SHA512
7ed38fea3c2e6a76cae926114135a66fff632cbd815b5b73c585afdd6df6e4ceec74a828833fe8475995ed79b4cd9a59d9f50d7818c0e0b00160125f7951de13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32bb4366965c33dd2c5979f76577e06a

SHA1
b07b3036529d148c012fa090161968553a5524f3

SHA256
b7dbfeaac390d9f4d05fb26f9af1ac6e5ab5199f83686c4162b4eb1458253b69

SHA512
5b84b45cdce289ab4fda3f32d598dac8f630ba42413d8115a28f4b935a1a7f3f29b0e000b8f01a097cf705cc6ff86b7d2f89577b18d01870fb46683ddce9d499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4a8043ea7199764b5d15fce2cd706a54

SHA1
ebb7f6db3dc8bd064cc6e51ce9edd1e3ab9997ac

SHA256
985f9020bc8e02ba26c45ef608f6bc97a354aad3018f464375d2d84a2b10f3b4

SHA512
7a3bb1b3410a8e51cef2be456f51d9e5eee619f89eafefbc8cb5fb728443dcad7d1af2746b0d0436a0f71a40f1a9547f406da9364dadd0511538ce3c5d8e20f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
cef0d704235c9679e46398046ea70702

SHA1
ba15e048e5477f2b7ee0e81aac8ff8ae0dda4897

SHA256
b56b5ab3d3ce12305f83a3154b653413c690ef41d75046f9d5555117f07d8388

SHA512
6ec4ff5b5c0c17dc45ca0315e6d11ed70fafbe857d9dd6561cabea3cdf0ad2d5f25ae0aa3364ab651062c94d1b52b192ad3622abaa38f37e87a45f1743dcc0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
b72fc148edcfd4fc90c0a3fd92590e81

SHA1
d485e257f8a4b6baf4b5bb62d1b587af28ab2bd6

SHA256
7e9bc11b3bc0d0c5476df176f60db8da120a3bd9c522e88b3bd35c4830bc4122

SHA512
51f255e5367bed4fe243380a83ac5eca75c5bc3caea4b7e385fa33818b4889ee83e7a89e8a11a961db7f32e9b725469c9ed5843db669aea4629cd511975faf3a

Download Submit