hxxps://my[.]microsoftpersonalcontent[.]com/personal/c0a97ed01ee344c6/_layouts/15/download[.]aspx?UniqueId=50b05fa9-6ceb-4592-9655-2c04c0ca0d49&Translate=false&tempauth=v1e[.]eyJzaXRlaWQiOiIyZWYwMGJiZS1kNDYyLTQxOWMtYmRjMy00MGI3ZjZjYWIxMTgiLCJhcHBpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDA0ODE3MTBhNCIsImF1ZCI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9teS5taWNyb3NvZnRwZXJzb25hbGNvbnRlbnQuY29tQDkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImV4cCI6IjE3MjMyMTY5NzYifQ[.]WXhU_gqkmGUEO6peLk1FWryamdZykx4ThOo_iY8J7LaBhVupCJgSixLuQEQ4LTIDRS93kIgjYYwN-8UmQMNQEHKZ0XLtQGJjrkhx_JabSmU_WIIB-QBpbLAqzILP_4B-V0UJOrUcwpSm71_pJUT1NvZYQVpZCxiVz5bR_FJSZO5uEjp2O_fygZ6bDpDYubzwj2QOpzDAwxJGEvICrhvfo8gz2jlraIr4Am0EKbohzsg8HskHfrDGEX2c2e95ZTT7307FX4vvaT-FJFFUI03YNni1ZPluId68FWI_-GQx3qZWK3HMOAZ9rrOW0Mr9F-yTQyBM2yK6QoeqL-suZjzDaURB84rhygJHrh9R-Kc0JbosFWnC2cPCGnb12zl7bot_ll-mpFBDsSRG-WNlxdsAkedTS48vZyUj9eMM7qDYfTo[.]mViAZvc9W6Cmj9RbKPilzkz-7IMgAel-YN-rz8sEm0g&ApiVersion=2[.]0&AVOverride=1

Analysis

max time kernel
149s
max time network
144s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
09/08/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://my.microsoftpersonalcontent.com/personal/c0a97ed01ee344c6/_layouts/15/download.aspx?UniqueId=50b05fa9-6ceb-4592-9655-2c04c0ca0d49&Translate=false&tempauth=v1e.eyJzaXRlaWQiOiIyZWYwMGJiZS1kNDYyLTQxOWMtYmRjMy00MGI3ZjZjYWIxMTgiLCJhcHBpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDA0ODE3MTBhNCIsImF1ZCI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9teS5taWNyb3NvZnRwZXJzb25hbGNvbnRlbnQuY29tQDkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImV4cCI6IjE3MjMyMTY5NzYifQ.WXhU_gqkmGUEO6peLk1FWryamdZykx4ThOo_iY8J7LaBhVupCJgSixLuQEQ4LTIDRS93kIgjYYwN-8UmQMNQEHKZ0XLtQGJjrkhx_JabSmU_WIIB-QBpbLAqzILP_4B-V0UJOrUcwpSm71_pJUT1NvZYQVpZCxiVz5bR_FJSZO5uEjp2O_fygZ6bDpDYubzwj2QOpzDAwxJGEvICrhvfo8gz2jlraIr4Am0EKbohzsg8HskHfrDGEX2c2e95ZTT7307FX4vvaT-FJFFUI03YNni1ZPluId68FWI_-GQx3qZWK3HMOAZ9rrOW0Mr9F-yTQyBM2yK6QoeqL-suZjzDaURB84rhygJHrh9R-Kc0JbosFWnC2cPCGnb12zl7bot_ll-mpFBDsSRG-WNlxdsAkedTS48vZyUj9eMM7qDYfTo.mViAZvc9W6Cmj9RbKPilzkz-7IMgAel-YN-rz8sEm0g&ApiVersion=2.0&AVOverride=1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677095132729056"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
3100	chrome.exe
3100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2656	2992	chrome.exe	73
PID 2992 wrote to memory of 2656	2992	chrome.exe	73
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 3884	2992	chrome.exe	75
PID 2992 wrote to memory of 32	2992	chrome.exe	76
PID 2992 wrote to memory of 32	2992	chrome.exe	76
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77
PID 2992 wrote to memory of 316	2992	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://my.microsoftpersonalcontent.com/personal/c0a97ed01ee344c6/_layouts/15/download.aspx?UniqueId=50b05fa9-6ceb-4592-9655-2c04c0ca0d49&Translate=false&tempauth=v1e.eyJzaXRlaWQiOiIyZWYwMGJiZS1kNDYyLTQxOWMtYmRjMy00MGI3ZjZjYWIxMTgiLCJhcHBpZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDA0ODE3MTBhNCIsImF1ZCI6IjAwMDAwMDAzLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMC9teS5taWNyb3NvZnRwZXJzb25hbGNvbnRlbnQuY29tQDkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImV4cCI6IjE3MjMyMTY5NzYifQ.WXhU_gqkmGUEO6peLk1FWryamdZykx4ThOo_iY8J7LaBhVupCJgSixLuQEQ4LTIDRS93kIgjYYwN-8UmQMNQEHKZ0XLtQGJjrkhx_JabSmU_WIIB-QBpbLAqzILP_4B-V0UJOrUcwpSm71_pJUT1NvZYQVpZCxiVz5bR_FJSZO5uEjp2O_fygZ6bDpDYubzwj2QOpzDAwxJGEvICrhvfo8gz2jlraIr4Am0EKbohzsg8HskHfrDGEX2c2e95ZTT7307FX4vvaT-FJFFUI03YNni1ZPluId68FWI_-GQx3qZWK3HMOAZ9rrOW0Mr9F-yTQyBM2yK6QoeqL-suZjzDaURB84rhygJHrh9R-Kc0JbosFWnC2cPCGnb12zl7bot_ll-mpFBDsSRG-WNlxdsAkedTS48vZyUj9eMM7qDYfTo.mViAZvc9W6Cmj9RbKPilzkz-7IMgAel-YN-rz8sEm0g&ApiVersion=2.0&AVOverride=1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ada49758,0x7ff9ada49768,0x7ff9ada49778
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:1
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4988 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1904,i,12812865074054200895,3794998419535513448,131072 /prefetch:8
  2⤵
  PID:1852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bc75f9422f664911139872b800589ed0

SHA1
8c7a2d60311b2c1199a06a4e8a1fdd8e3fc9aea9

SHA256
c1e083aa570f98b92595d3dfb76660355210ccbfd313750c48e8bc9d39677c28

SHA512
7596652fc0300be4e9040e6dfd876e0f881156a0cf414d16a64f946241a1f487312217511d68f2fd34096f8fab7471c0a23dbf801820690ed47cf06ff0a5d32a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
657B

MD5
72cd24b57c12501e469916df228aeeff

SHA1
95ecbfd1c878cd53a412d4da79dd096ac119af8d

SHA256
e61c2168fc8f5c8bc7da130f936414c9907b82e4b3fa7e198abb74a43c1b70aa

SHA512
cc5bf2d0d3cc80a31bf94a9f1f062400a031d9d162aa22ee2eab575c89e66f8772231927e598b0c2764f5de0f7cd6d82eb41c13eb88a97bc647d68fee3094adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
58adf91c747e7950151ef4f69ec41808

SHA1
a7320a09544a73e1b9f3d4675d160ae48bd1c196

SHA256
a43014bf4ecce19b2875dae46311091b75f57bc9b2a264dd11dfdfbf4e48f955

SHA512
ae19ccb553d11ed5a832e1f7f74471c9eb222f76ec5d0ee8b63572415abecd93a568d151a8e1946e97d2c26bb6345fd55900546430c497009b58db4d948208e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
a378bb86ea8e81323d554235985dee8b

SHA1
7bde5e3627d785fbb6bc005ae4e1af4ca317adcc

SHA256
2a509edc3e3cb833bd7761010a8f1e9d1ad86e1bb9e41120ec6f8b7f7e5f7586

SHA512
61cdda585025d98daf91c5f5ef5340be795ef8225f5c90fb310a5fc5fda4a9fa2269f7fff09b0285639160919749538a1bca573a11471865b2ff87e3e870cbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
d5178dd4b568b270659b272f400ff3a9

SHA1
d1c49e1feed907a42650f94705294910a40343df

SHA256
bfe8b6470c195f23cbf1a6ac067ca8a9f7d518a4568782a4883cf88d1a9334d3

SHA512
4918d18c7ddfc58c19f5ca178f5401cd6e81eee63e084cb54e01dd1e65366416e4bf12e3849b5b145a12f313ac90c888b8adf816936ca28c81d824ab514a1eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4509705de74ad4bbbb3a601b1c630b45

SHA1
cce8130b82f0f7614ab33f760e5ec308ccefe1b8

SHA256
d2956e275fc72db8876a66cfa0a4e0507441d3eae2a41cc25a02ecb9c4f14e3e

SHA512
2865812e2bac9b39ed1ce617804f55db9eca0432a1fd54274a0aa5318237cbec46341c11334d30ccccd22633a191616b876811a264274af2a846469e77e83520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b09c04ca8225711bec996baf11efecac

SHA1
d425cfc14b2ae83aa33070ea7ff506f9946a8048

SHA256
5e1d1e276fce7bf670b1c21797babe1138d2ede2b775fbad3db1cd51b600f265

SHA512
b20e16e141edd182102199f23e8f643aa22b7aca9cf588d0f242128b249a6d7759f242f97b969a80410fbf145df67b7663e26b4f831263eb349607e271083d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b6df4ba05f642c92a4b793f94a8fae0

SHA1
d683dae616550f97792be690acd7f26ec7007625

SHA256
3c07bbd6b0013f9a8fafe3f7f1b526584ca817a793dce7c8faf2532e7c7d3133

SHA512
34f0983faa7e03dde1059ccbeff66b89c4f4a2c70e8c83e4f996c374848f11d2f56a5653d9c4e1a6da1892f05af37e8dca97cc49633cb0a52de9ea4fcf870224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
11623ac0156d7cb7a7442f8ec39ce025

SHA1
103d4f86a5586a60f63d6b675faadd23ac5a59bc

SHA256
9d12553901338057ce2836df619c6b61ac6883ab57edbd8252d9234a98b36ba4

SHA512
c6a44742881e5310c7b6a5591d5275dd88146a83113bf28b446fb3bd21c1ead7ec81ee6963031c20247b924646f03179c98c6509e708535f9302a0cb9743283a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b60be7b3e0eb962ed146f58710723062

SHA1
9bef8f61c7b3cc7f34e9e5842cc4e17176094554

SHA256
6d4e3506aa57383c7b35b35f3696bd483cf24d813f3e47a909701380612bfa56

SHA512
f67f5a1949de2ee0eb4f5fff32a53c7a3ff2548a7fd09488816dce883fe15eca757c5836869c2c0294276054bcab5f845501d12a818d6ef82a61cbfcd7e1e704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
40414ddff57e5f0410b68a73bc7e6f4e

SHA1
eb99052b3342d11580b41d258ce9115a3ba64031

SHA256
a356a27f08f43f0d021b5e753c45e3c05fd83c7bb02b1334ffbac6d00ec571ce

SHA512
d42d999995f0ac1339100bd9e3e64e78693fe85ebd57704f35edb2200ab7f6a8bf0ce9953bd748e112671d0eff504d195fcf013aeb6c91f760c519837cfb3f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5984f5.TMP

Filesize
94KB

MD5
ce3fa1908cf8248c2496abb267db2d6c

SHA1
08deaa4d7aa38d960233768d5805ecceea00b2f9

SHA256
86362f93590e281f7634c0056ffd033514ed601e4012c3723fd0c1ced9961e01

SHA512
c45d9cb082d038b2d410ade836332b45423cb7b0d598b1f4324029c72d53daafdea7ea6af2c9ddb6dc4b3d590ff49be5595d3bc645ae6887b29b6ef2bb4e3779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit