c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

Resubmissions

21/07/2024, 16:57

240721-vgrhcswama 1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 16:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cs2d_assister.zip
Size

36B
MD5

a1ca4bebcd03fafbe2b06a46a694e29a
SHA1

ffc88125007c23ff6711147a12f9bba9c3d197ed
SHA256

c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65
SHA512

6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660547877600885"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe
Token: SeShutdownPrivilege	2708	chrome.exe
Token: SeCreatePagefilePrivilege	2708	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe
2708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 4552	2708	chrome.exe	101
PID 2708 wrote to memory of 4552	2708	chrome.exe	101
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 4828	2708	chrome.exe	102
PID 2708 wrote to memory of 3048	2708	chrome.exe	103
PID 2708 wrote to memory of 3048	2708	chrome.exe	103
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104
PID 2708 wrote to memory of 4408	2708	chrome.exe	104

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\cs2d_assister.zip
1⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb2e3fcc40,0x7ffb2e3fcc4c,0x7ffb2e3fcc58
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4772,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3716,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3264,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4624,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3280,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4440,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5340,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5268,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5332,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5372,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5228,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5416,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5016,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5168,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5648,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4760,i,11894232882444661944,15904915356475906497,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2552

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0179266e-6983-4fa2-802b-296f805985b8.tmp

Filesize
185KB

MD5
44110841ee8f16579623998df484189c

SHA1
0ca0e590fe799745af039c4984a7a53a7741a1f5

SHA256
95da79e16fcb7dda59cfa2ff7d27ad3d6a29cd009b2cdf0d17bf5dc3e7d9fb6d

SHA512
39328a5b973df62a9dbb4fa6f6007edde985b26d81466db7da7f5e02f64fa3b9f48abdf43d42aa2687cb0fa5f3f4c2095cbd3a94713d251958c4fbac2e37fbd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3c74f314fee369bf1fff56361aa73669

SHA1
34344981a9549d74bcd783c8a788192b51dbe786

SHA256
0f124dd4f2c2462ed9197876c81a0660b1936ccaa18c3cd429d666deee13e96f

SHA512
aa31dc8dff76ecc6d73783c742c9f7dd717f85ba14cd1d8bd80a8411d2145055443ed709bd679e3f2838b4dfb222ef5ca58aee664bb4a7752fb41a355b68ab9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
6282661ab6898c9c38245b14a8b5a457

SHA1
7a8684c4ce26588b7e01ee6931db6885842c2d60

SHA256
dec6d9bc45e751a039a0e6f2039b6ee7121d970c7b623bdc1137351f861e3c9e

SHA512
a4c24286c5d0e1ab547c9842e4a6060d7368e139a18a8c646c5374d292d11c7a789bcec3ee68c11bad11b49701620867723da4fbb6de576f9bd04507ded27af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7f3b385bbda8c341831d35a9d53966b

SHA1
19b20b0134007f7871f74b39e7d10a2ba7f9a630

SHA256
ee5256926694faaa426dd0b339dae48c77c0940ba04117cd492e82132244a4aa

SHA512
d0f3716437758337787010d4b3b925ed9205b2a2b042955c601462244f60abecf9fe9a87e5c5d95c7ad4e196f328988e3beddb0f00628e7a1126eb7c99767ec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
57634df790df939a3066f4b355b20ca4

SHA1
b22108fae0b16383a23d016670bd32bc3151264c

SHA256
2ad64612d401d52c2700e0b10cecd1005afd8b6bad11606b222962d1e89cbea5

SHA512
34766d1b79f284577b2b48224ca10e19829a29d27b56dfd103b2a33a63457421986850956298bdaffd587966dd4963159caa4c1f64966c4d8500ec4a84a09d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db140730ecd44f0ceab6ec08572adf43

SHA1
124ee7c8e20a696ef7519c3916d1e8531da43d73

SHA256
88f6b485d8b3b7d9bc8de3cd67c17bf98972c4acb8122173642a42088e43fcee

SHA512
dfeedaaa9341b14792fde4b1f3fdacd8d3b54147910e840de048384181a5c02104bff114087843dad4ec10b8cc64497e884bb59bfbfc8443172f9f2371640529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f57739a0ba24fd5c56ec3a602d78c39

SHA1
f1a80ca0e975886e3ddacabbf10fbb9e1b577235

SHA256
92fb8f9103cfcfcdbb35ceac0fa27f1c144a2610aadf17065f8cb64e66207d67

SHA512
b2e25ea54bc67b2a70dda813ca8236426a5d5c429a8a2fcf538a345a97fa4e699516ade0a72a9cb2db7b23a25bd51b9815183020f7be052bd450a66e10ffac06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1efccb4a175f08889eb17eafa62c8376

SHA1
307b539d7c3f09671f2267fe051d0101ba080f75

SHA256
aebf6856fce242484d405e52e7ba0b3c21324e87d54902c71567c11ccd565d59

SHA512
a531300c3c143cba71bbb66f0a03599b2436f49e70ad50af15099dd89b9c7587dc6e3dc647ddf5389d585a2f9c8770ace9eb858e4187f74e5f378489e180f991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
711fa8425d342e8a9fe2934e8a352872

SHA1
dbcf9f77980d608fced3ecb862814eb652abc46b

SHA256
c0dbdce8bb3f560c9687ece7f8d8c952e6109066e44f4b46c67b3c457415258b

SHA512
359cb809f350f217d311e5ca40ca6e1c068f6df8beed16fdc26eed016426bf332b62ed4e5821423c3b7eb2b443efd73f483a77fb285f6c9c9db1319f849f3ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
c78425b349ac3359fde78cf092a97d1d

SHA1
6b994f3706d2c8bb3f8e3ee2f45355574c390cb7

SHA256
a1027e7ae6b34dd5c221ae98cdf890bbd0fc6f0040691ea65029ee747be24632

SHA512
2542a8230fa97c0f6991fdcbcd3c2f8321c86d4a449eac790ad1d3e55e4f9f1764885eede8d4df803c25915b82c76424ac25d31ffd7ea3624493785b58ca40f5

Download Submit