d7a9021b90b6bd951920b6bb581908454bf73c2147a6a39c26dd16fc85244bf2

Analysis

max time kernel
96s
max time network
101s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-08-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mercurial-Grabber-master/Mercurial-Grabber-master/Mercurial/Resources/Program.js
Size

9KB
MD5

f945d3beeb05d37ee2c723197b15a19e
SHA1

b64792711caca858a522317c01899f0ab55913f0
SHA256

c4d8efc12d3083a1367b396a1000f7ac978673e673d9d7db334836a3a469a5fa
SHA512

afd63758153c59e9ba06afad277623e46ebe77cdaa364b6a16c8c8d5ecd2a4fe27ecf9cc5d0fc4b0507e6a01f5c6bbf3ad388af2e1f7792040dc04b9e6071117
SSDEEP

192:iFPhRrA43Dt56B0WOGXSCHKXXOCNegUz++TwA8BYs6S6vSdfCPyY1KMQCjGEZ:ithRrAqD7GY0gUzcpBY1

Score

6^/10

discovery execution

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
183	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677903885185973"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe
Token: SeShutdownPrivilege	3660	chrome.exe
Token: SeCreatePagefilePrivilege	3660	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe
3660	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 3900	3660	chrome.exe	74
PID 3660 wrote to memory of 3900	3660	chrome.exe	74
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 216	3660	chrome.exe	76
PID 3660 wrote to memory of 292	3660	chrome.exe	77
PID 3660 wrote to memory of 292	3660	chrome.exe	77
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78
PID 3660 wrote to memory of 4360	3660	chrome.exe	78

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Mercurial-Grabber-master\Mercurial-Grabber-master\Mercurial\Resources\Program.js
1⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe3bff9758,0x7ffe3bff9768,0x7ffe3bff9778
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3996 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3136 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3452 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3136 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3180 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3140 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5088 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5296 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5440 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4740 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3240 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5888 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2180 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3056 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4660 --field-trial-handle=1848,i,3733250804530428325,5603208320040623307,131072 /prefetch:1
  2⤵
  PID:3156

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eb46d4cd2691c485f00def135d99ce26

SHA1
5e94c2158461d70b07ce09b7e3f71f64255f5ab8

SHA256
a9a1260572c88c2ee48787170fe062a5e8283b5f38da212289bd64a50eac6262

SHA512
8f2e14dac1874cdae5ecf7b5c95c5c30af7456b43dcc517443d2dcbe3c9e76ed63736fbcc7afd71c98b9188dd36843e31f72bf56ef7abe33ed37cc9ab48d870c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
742442c021fd92543f8e01763656ca0b

SHA1
dee36559e120c32354a4470acaa91cf080fe03b0

SHA256
84fc4f19890ef9d93e8c0632e52b926a7ed681ff6a249191ed7f55c9e0d4b988

SHA512
2af90985dfc3b6c5a5a267183fe12485a9f7af3f9d16dbe8ad4bb78e2ca9860a55ec66e517948d307b3cb8318b555d86a48cfc6f24bfc74edc24f39dd1d79a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cfde86c0389a1abc70b3c95c6bda2787

SHA1
2f1d3e3d0d34b842ccf35a98a3fdb39bfcfaa951

SHA256
b598d9eeca3cde728deca324c497ae7ee511ea37064005bb78ad32a49c8c5acd

SHA512
fb9eb4a4cb4fa455c5019358f9c150dfdd2bc5ce43d5b30e6f7704c25834a48da58f408d9752a6f34fcd57e07a9df83aef48994bf1bfe080654e2c87dc74c30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42d08c58df5e3b76932263ffbbfcec64

SHA1
c672752c55df0f7e5347e058613e12bb93d90af3

SHA256
290231a56319cce4be86ce3181013b98c7f00dffdc81b7889baad7c2c1654055

SHA512
272f15a765b4eb50a8e1b81d8ca16c29523e02a48e2f56f40d6c96dad2f151653438f90ea0d4a52f804da1eee4283133b46b908a1dd298db1cc09e2b22a7b504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c83bb9ba432b6b862da3d9a1739df0d7

SHA1
f109ed35eaac8b17c0375c8d23d4bee442650f71

SHA256
4a3fdb0cbb4109e93e662b7026cc83081ffb537cc6c9c50a7b5e97af15532f73

SHA512
fb4dae001022607fc2adef6bf70015d4218381f6c94bda7cf5d052c8933471dfebe6af65cba8332e87a1226effc317236b8456a070d21518d12c41f8c8e600ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3c987985887abebbd6a4d86d7edf0958

SHA1
06403abf220c520eeb0f98cd8bf424fd74436b47

SHA256
ead0bc90a0dc5bc981899004fca195d189840739c1f84f0417fcbbb619644536

SHA512
76acad69215adb0ed78268980b41ed30d45549a9a3e044ad7238ede9cb074f50dffae20afc29e2d0bc52007d90e2f8de2aa8504fd410e142892d12aa8ca45f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3cc79d5cff885b335e2c995cfdc8bddc

SHA1
97d2545f85589ce5228b68f15ffa82c596b1cd9c

SHA256
b1326423c26a190f491b11c237f910de1b62d60ba1f646b00c8e9a7b80cb3174

SHA512
354d417820948365407ccfb428150bfb1f6ed6fc5e2474c381678175dd4fc4ed988790c588a9a3621596a648c25ca6c2cc79471d5be10db6fbbf495a5dae23a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed80f4d7c895755ba8ff969847900af8

SHA1
d4549253a375e48859aa6ee687966e5f359384ee

SHA256
9b6560a535e9e25183925700f536440599f1c52695445457edf78d9fe9475db1

SHA512
5f77860e2ce83f1e3a55deb52416a544b3ab5e7e42ab648de563b17f59b718cafb073457a238b0829a4d233b8f07435da643bc51a2d8fa31999d76e0ce887689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
325a8ba906af1fbc208cc3ac0aa8f9c3

SHA1
8ed4b4f58ce32c3888fcf1f824b9a55f1e1709e5

SHA256
3eb854ddd9c6e21eaf1587c9b298402e9498dab7113382bb55337589095e2691

SHA512
8247724d63eefb85ef481cf31bcc28a864181628a8bc91e40a7ec9b003a2bed41aeb340549e60aeae1f75f857d97dcc5d60233fd9eb5e1ea251b4c7ee6febd8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ce55e08609263c414139da204139c45

SHA1
635657fbd585a046c236462adc1a0d85fc8520c0

SHA256
9640d21400ace75c7afd4a41d0524c0630bbb76d13c7805d9f41438546235e25

SHA512
39bf3742b9e7b98a63fdc2287c60f032465fc25c73708088599f5193febff3ca89e375c437f436442aee4a2740a4f22bceb11b66b371eaf7498ed9bf443f0a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5abba7533aea4c5ee76314cf39b6777c

SHA1
016087040cd54bffe630eced8188615ecb63ef44

SHA256
fd96d7cbcf474a39ff1626f4da0c4905b5e619956c3f190659cb9807396caf34

SHA512
ab636ce3df9f0ef15d37565fc21e827b582f69eb1ad30040b49cb3f066688121df0df4aa38f18c3e40d2da34377e8f538820f896d0f632d7c24d4056f464fc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7f725755a1e00ee11d4a22bd212beb3b

SHA1
ea244e3c21f87d168964bc2b99fed6b92fa7166a

SHA256
3478f841c011650db9dfcf07ab238d9c0cd8288e59d200f91bd549e35c77944b

SHA512
6df823bad6668557ef7523f78aefb8c71312ddbabe9d6e2a68a292dbfc09881ffe4f3474535e289d99a90288db4d69a07aa0626671f07bb3cc0dff22ab26999f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7fd2b29736af5d2953a273f85339e28

SHA1
7c775e19d0e3dfe11916a999db145a00a7f99d1e

SHA256
95e2c8e92454440fc73a60d8febd597d5c984400eb90d8c57ed20e9b73b745b3

SHA512
3f1acc19ca7e52371ecb355137d99d8c0ea422defc932eafb74d2a7c6aea1bbbde5e1585a98195643f69acb1ade386bb37ad83810115f5dd45aa3480ea87f5bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
97ef541d94368847658917064a8caac4

SHA1
1176f49cdf7c48241d48e15e1a8a6625b5c13a08

SHA256
08780bdd6c8009b35a6924a62e4a81c9d177c2cd2bb039a414bb0c6122e7dc83

SHA512
40311aca586a2e63ac73654e389276ecb0adfa4ae841ad91446bd705f846dfea5a0780d67609b0a0eb8a2c88e6be1ca84f8942c8a1b95021865e9a904ba77fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
63fd16a57229b15bf5b0ada546005f74

SHA1
9b20ead4735119cf31c01619f3d46231de941600

SHA256
8aea025a5f71cc38a5f820eeba8e29ea012aacc4f148ae7bc54d840a61c468a7

SHA512
a14a7571fdca0c041c0518060ed66af5d7298123cdbab00e91c840d6997c1060db7115e6d49a1f6ef863985cb70cd5e94685bb9e7466e508b5c3dd49f7d3b620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
d67e3a8dd79d4e6877947f9e0116250f

SHA1
0bf1ca6b5bbcd9d464ebdc3399c9abf298c67e91

SHA256
f52b48f4e630b38a553f333fa3deae594c771efb368b989720306cfa4168c06a

SHA512
3641d9b96c9d66763bb26e1ca08969d42a39058854197cf55d6c7a903c639d7c9045137045ddeb85cf5dbeb07edaf979b7acc6d3e9bd7237c67a99ac26aceb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
1a2c9a93dd7ef6ede07de83c99f9e0a3

SHA1
ec7330125de44b463c8c4de3a1bcb54dafafed7a

SHA256
00679acb28e85b63954ec3a3d265fa2e82461ff63180fe2d7548bb4b80ee8701

SHA512
67b6ed6f605e985f07fd76c8cf81e047455112f475f292064434b87fa3f911be5785180541084196c2111c2753121f3f842b9ab35ca100ff2de81f701c9235bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584ca4.TMP

Filesize
92KB

MD5
f883c7e0cf970f364acbbce2fb5a339e

SHA1
5554c6c8568e7d7b3c4e57bbea007ef60abe3b64

SHA256
deced8db0fb22f0b99707fedd6d73d0c0e23591579c392207585c8a4497902e1

SHA512
696ccfa171f58df6f39420b91535e99d8938a998fa0714a3ca5bfca69356efc2b66fcc5a3b8eb457dabbe44266790d153f931cfa58e78a9257e4a1c0d60c93fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit