d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-08-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoIt-Extractor-net40-x64.exe
Size

1.2MB
MD5

205792ce0da5273baffa6aa5b87d3a88
SHA1

50439afe5c2bd328f68206d06d6c31190b3946c6
SHA256

d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403
SHA512

186f2fac650ee02683c689b0c04867a30330a5475475b106a2aaaedc5e2fa3c9325cf07a2c5321044f5aed1502d729d1d9537ac57bf7733cc228c44ceaba7821
SSDEEP

24576:pcdWeAKpCklFpaQ3vGvW68WxOFxT6YP7KPU48YNL8SsbJDeAKpCZG:QFAcdFpa068WxOFxT6YP7KPU48YNVsbu

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
70	pastebin.com
71	pastebin.com
72	pastebin.com
73	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679317839627427"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
232	powershell.exe
232	powershell.exe
2428	chrome.exe
2428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	232	powershell.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3660	2428	chrome.exe	105
PID 2428 wrote to memory of 3660	2428	chrome.exe	105
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 4980	2428	chrome.exe	106
PID 2428 wrote to memory of 3596	2428	chrome.exe	107
PID 2428 wrote to memory of 3596	2428	chrome.exe	107
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108
PID 2428 wrote to memory of 3916	2428	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe
"C:\Users\Admin\AppData\Local\Temp\AutoIt-Extractor-net40-x64.exe"
1⤵
PID:2504

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd034ccc40,0x7ffd034ccc4c,0x7ffd034ccc58
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4952,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3324,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4568,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4552,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3196,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3220,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4072,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5624,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5904,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6068,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6244,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6412,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6560,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6704,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6832,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7016,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6376,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7300,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7312,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6456,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7628,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7560,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7728,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8004,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8144,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7872,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7888,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8148,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8280,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8040,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8992,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7044,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9144 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=9004,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9268 /prefetch:1
  2⤵
  PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8476,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8428,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9524 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=9116,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9708 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9136,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9856 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9692,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10132,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10156 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10268,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10284 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10312,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10440 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10600,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10624 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=10632,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10732 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10748,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10872,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10996 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10980,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10468 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=11244,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11268 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10328,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10884 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10564,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11500 /prefetch:1
  2⤵
  PID:7020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=11520,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11652 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=11660,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11788 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11812,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11932 /prefetch:1
  2⤵
  PID:7044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=6516,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9084 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=9724,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11108,i,16706933364855911644,11351626714022743210,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:6352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c97acd96afa69cdfba1dd0e48536a622

SHA1
362c04afc7164fe3ca95194271ac786d4575f263

SHA256
53a1c1a8c5c1ff73f192cf605f68ab1695912eb85e30f919721be9c9bea5b459

SHA512
50b3e90057a91991c1135c44e0035b8c45a781d3a1225febbcdd3ced408f377fff682ab5420e150d9f881f3a84d9196f8fbf3c4669adac53e6bf5019dfc95a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
251KB

MD5
7dbfbed74f576cedc21f4f546d36784b

SHA1
aaf28fc19c82c90df5d4624873f3702acddb7d76

SHA256
bc11f4765605950d08053e126410decdab65e8c48b41a5ef25e8e6f390a966ef

SHA512
8868e3b15c695a357b9b2f6a1d3038f1177a0de8484dd7dd9be46a5a7bacb3037137dd9aa2b6532c00dbcfdcccd3aae6c55bdd24c1deae8f489b5923cd849426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\90515c2c04340276_0

Filesize
276B

MD5
e9c534ee5243c01cd27c6c0c4a46d94a

SHA1
7e4860928a8dabb4888cc35e44e15cc939ed2078

SHA256
d37855fded093e09d8aa0e39a0b47bb8df0e2035dad208c5eecd7148fcb5521f

SHA512
6740e09f8e43f9f811e1c064b4e8e64d011dbe1fbb808098afbf1a033221bc30544b7dfe520bef2d07ade5d83099f65d5bb7410109d8e6f46b86953b74b6cc21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f722ff8866894e0c_0

Filesize
251B

MD5
42e1f76ae5c155826f0d3decd625f823

SHA1
7fca5ec9581f268d9f9d753653bc3a59cea15770

SHA256
b80c8d361fd162225817611731e2aa76d6abdd6bf4dd15539a2f3a842eafdb3b

SHA512
10b4bbc16cf2bb20edcc236cbf92f76127931ab79c2fa07fc8f6abc6479c96e23090c297b94adb4eb2b20906dd2f42a3f0ea1e71d4cf5e805a7486d41546422d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
911853a9897ded7a1bc7c64fd08e044c

SHA1
9ae164f6df5278a4dc54598db6593449440ad777

SHA256
897001a2f57122271ccb977b769871aa72ef2d56756027071de0a46120a2ab3b

SHA512
aefc2c1495f52320651b06bb8b36e7b1d32e0e619dabb7ef19042549fac210d01fdd2ef7aede4217e458e784a6270ac40f1d5173ee689cb23ba6a3b68d4a183e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c854e3efa318e12760a3ce2c6d8564b4

SHA1
cea57f4a86b6e22600e2fb467a3b8c4387327629

SHA256
1bcb2eff943647d423291a0f3b4bf7e473d04de321b9db80c5c1976bed6ff45b

SHA512
f59085d4576aa84d598ae8e0b2f01b9ac40117c13feaf718ff49c6cdcd4b1dd6289f6c301e5aa2260e193ca68774be9f41057c1a33400b02c9ca2ca95f8f345e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ab2d60a1a815d7afcec6d9809270e232

SHA1
3b70e12fb676aeedc3cfdca352f5d5157be777d6

SHA256
a7ea0184d3004df27b5d13ea17aa54e21e48439e5033638b0d43ade00b9ca26d

SHA512
3d00fe29c3e175ae1605806bbfcc3e0b154737de529dbae3d4604fb7e64e82a54c133f2e1700bb778fab64cac16a83f2f84cb279cb8c0828de4f420449e94a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47b75efdc264bb2d10624eec66132d7b

SHA1
e7e163084ba4e75e8dd885642acd767687b14e81

SHA256
457ba36eb043030a0f03de927c267a96e480f90b1d8956d3b3290cdb66533648

SHA512
8c829a4fb68ce7966f225519e3321e942c7e584510d3767fbfe021e266d7da8b940d30e3aebcecce5d6c15929f7f9dc0cf42862e2f9f0f98b0bc7431666e8e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c971a65ff83f3ea7e8a846213abc1b0e

SHA1
bc27690a4fdc42a8b6368f6e0d6047150fa67bc3

SHA256
ce1be4a769ced28ce4fe877abfc68e118a273bd07ed96dd8f3f7e39c2b7e402d

SHA512
73fbf3b631cd4a9501d9e9d830c63155738c0200cf85a97e35b9c68897452a2b6ddad4e0fa240d7e841a483a6c72e072cf942cdae257e2dffe3a74f950394dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f77084282414e1bb4e7164fc1a22a3ac

SHA1
365215442f5acea141f2c0b5bc304e4a302e8135

SHA256
e1c90b09e83cfb75fca03bf54cda789c18c25dc20ea5a2ff2add65f7631d67f0

SHA512
716b8072e9c71ea263ea208c4a44454ae5b3932b69f54c37ff0b27b05f92c166916cb65025797b8630e2f12e619ec34c4953c45883f9f921f091895b37cab478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
949c07157ac819f8dafff9a1c41a371b

SHA1
db9cbd0556b8e477ebb571a905cf19f9c569f2b9

SHA256
7cf5f2a31b9b8950371bbb4514b497684548b6d992e0effffc8aca749ac65383

SHA512
7037809dd71521923ec80e7c502830a54b45284cc38799e05749f349730d80f122b94b0c5bc6a6058be6e2b653f9a6e91871be2f8a6bfd21c51dd9605dac56e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
36b702d63379dccc660abfb5f75f5699

SHA1
9c24a0ec1200a0dcd79165b7c535281e738aedf7

SHA256
c8136d16cc04a219e2e511b68ba000faaa3b873de0a02da86e388f9e0ddd9e1a

SHA512
0facefbe215b345e62b468ddeebce216149f13a1328cbdebc24f06c74f6b5618ccfd95718d2185a3555d4a853d0f34a0c4698e75962036e79deffcca5fc10f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
e7c6d498314a6b0f840c6ea4c816dd6e

SHA1
f339e48138c85ac54dbe46dedcd395747b66609a

SHA256
d855c50f5cd1be358097db83a8f08c999ece96a3e91797ef9794599cf5bd489f

SHA512
f0acc24ac800c64d3b830512ddeb667da5ac24eca2c4295d0c5d6e41bcebfd9c7a571cf1a1e3a1529f2018294ec0b67ff9cc483922e6cfdb6c65ed5ee20f26b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
f450cd060a7fa016829be651a10095b8

SHA1
fa211a7320477d1f8c1091577d8c26c4f49cfa6b

SHA256
16fede448998b4b92d02493f47b73854a751e7579c609221fcaaa3ae37cb73eb

SHA512
217cfedc1d118796a3d0d6228d3ab7c2258cd2fc0e42ccf81b976ec1185af0751dcbda6159dcfbefc8f06a5d350635545496d762b0bc69a6bd324327cf8f706a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xwa2qgti.mja.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/232-16-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/232-6-0x000001BFF0320000-0x000001BFF0342000-memory.dmp

Filesize
136KB

Download
memory/232-19-0x000001BFF0820000-0x000001BFF0864000-memory.dmp

Filesize
272KB

Download
memory/232-18-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/232-17-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/232-318-0x000001BFF1240000-0x000001BFF1768000-memory.dmp

Filesize
5.2MB

Download
memory/232-23-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/232-20-0x000001BFF08F0000-0x000001BFF0966000-memory.dmp

Filesize
472KB

Download
memory/232-317-0x000001BFF0B40000-0x000001BFF0D02000-memory.dmp

Filesize
1.8MB

Download
memory/232-307-0x000001BFF0870000-0x000001BFF0894000-memory.dmp

Filesize
144KB

Download
memory/232-306-0x000001BFF0870000-0x000001BFF089A000-memory.dmp

Filesize
168KB

Download
memory/2504-0-0x00007FFD088B3000-0x00007FFD088B5000-memory.dmp

Filesize
8KB

Download
memory/2504-3-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/2504-22-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/2504-2-0x00007FFD088B0000-0x00007FFD09371000-memory.dmp

Filesize
10.8MB

Download
memory/2504-1-0x00000000003F0000-0x000000000052C000-memory.dmp

Filesize
1.2MB

Download