63b0220451a85135de4bda78b6b00ba68bcf568243ac79069b7eb288e6875a8a

Analysis

max time kernel
112s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Microsoft.Web.WebView2.Core.dll
Size

445KB
MD5

c4b4a5f4f28d47239eb4e37cb3cc8046
SHA1

ed86941cf065f91758d536d8e13cc2542cc38922
SHA256

c2441011ec290b3408391f32072379f677ab3fa4507c4304167cd82fad6593c1
SHA512

440ee33d5a830d9c59d96367f2a43d4a4113f6fe0924a691e682a2e9251a8615e52177dcb9af225dba538a8a3893ac85be79e9c1aa687034e3da6c95191dc645
SSDEEP

12288:EB7Md7DkbrB3kPo+iKvRFNLe1+imQ9pRFZNIEJdIElxPrEIvLcglxMwCepM1STUH:EeFP7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697045040379542"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe
Token: SeShutdownPrivilege	4652	chrome.exe
Token: SeCreatePagefilePrivilege	4652	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 1244	4652	chrome.exe	97
PID 4652 wrote to memory of 1244	4652	chrome.exe	97
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 2320	4652	chrome.exe	98
PID 4652 wrote to memory of 768	4652	chrome.exe	99
PID 4652 wrote to memory of 768	4652	chrome.exe	99
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100
PID 4652 wrote to memory of 392	4652	chrome.exe	100

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.Web.WebView2.Core.dll,#1
1⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa0902cc40,0x7ffa0902cc4c,0x7ffa0902cc58
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=584 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2624 /prefetch:3
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4772,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4868,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4544,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4584,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5268,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4500,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4680,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5444,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5304,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3360,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4684,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4880,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5044,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1180 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4656,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5692,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5252,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5804,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5032,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5716,i,1734365361078938755,175198419848638498,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4876

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\50f3278d-2ef0-4011-8f69-bea0fbe93464.tmp

Filesize
205KB

MD5
56ad77bfac90a650e2013b51701cc4ef

SHA1
4a57064ba44644155b76f24fd95f25bbb1bdf4e3

SHA256
5f74c22d945d53445a94781ad03cf9155014708fbcefff68e562fb553c140805

SHA512
8dc00a1a9435d283126b8abacd243ba4bf04736a5b5e59108c6fc7a30f0c88ba6dfe6f0cc51e09234d18866eac9d803b411abb245748a67708451900757c3752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9a680243-b8b0-4bb3-86ca-8005d54c9569.tmp

Filesize
205KB

MD5
e597d0cd55fb8d9b0094edf3f988afad

SHA1
76d1bb6f7f7604627ba321ce0128b191bafab6eb

SHA256
6b95a087384d2cffd3e2ac63ad2d19b08b4d1c53404c07f1937bedc023105f54

SHA512
9c843fc393693d5db481d5d227c15d5150cb68b579779735a143e5e7f882cd4fb38ed83c1898eac4959437f88453b85553055bd9af60a0d5025c1fbede2bd654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8443833de2902fb02c86c846d732af84

SHA1
1ec619adbd182f18925bc38a333a548033d82c46

SHA256
973d5f5d1fef1a275b7a31bdf41d1d62181de8cd5796ca1be0a2f201633d3026

SHA512
0134bcec90cf79714fc69f3b4aa87f1e79d4be0fb2995c841f479c851ece54b7ea6f51f8878e9fab70425a1efbff089377406460bee893363467f6ad3c0cd9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2f652cb49d3fa004e879a53d98b5d69b

SHA1
6c25d731aec768352a9db9a86cc596cf993a240c

SHA256
f3fad21553ef2603d953968ebba07b2e5e65dcbeee2a53a9e4fb6d1ac966c3e0

SHA512
55eb26f006a6b58dabe34867f4037f3312d19645100717d4dbfc220f0ba3673328c5c2c7031e01afef27333a693de54dd89232257665ab28cc27d7b036daac14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
01ad73a52df8a5808bfdb919ff921171

SHA1
37e358d5ddfbf5d64bdf14d28a89e32aa1938b88

SHA256
a6563cd03bf30d063060e4809915a2eb96ec0045ae4ef5ddd15b27c0877cabb5

SHA512
d1ee620bb31bfa39d623f3fdf24d7c1c923f6f1bf9726e8603f59711f6f7584d2e962f48b737ce48b20affcc1e16e6a13700b4811dfd6201b7769689d778c692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94f04f2103d031a9119fd78e1366b325

SHA1
bc2dd9f5033549eaac3c89e5f1d676e0e3915027

SHA256
52ec96ee393bf1acd09e1299d098eb37a9861ad4973beb2cf544f3b1102b0c2f

SHA512
57eac18e923a8ee24cc10ed65a8f5ea4a6d47c3bd9abdd800a2b4b55aaaf3cbb3d1dfed5dbc0e675c0bde326999697947faf59caa7102cfd5ffc7b14675d6d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
20aeec418402fe8a68398a348406c61e

SHA1
cbc782eeadf3da0ca60b60d3e09683dea017ac6f

SHA256
a40fa23ef61383b256ca5ebe13f5b4cd44b2623e22acf3f877ec01e96854e277

SHA512
4d3bd60c33b70697ab0e2f55353bf0435328f5dbd4a0fe2aa4653ef493b9495f173893fd7444fcbc17a440d4b364e4cc399007e7540fceea915995cc580edfcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
722e1faeb251fea70ade1bbe194588d6

SHA1
7057bdc062d0d2982bfc97a05f829ea05c8f634a

SHA256
c62dc0fc166a3b447ce984a760173bfa44f40f1303b53cdeef3d0424deafa1a8

SHA512
5e53280f53c4bb5a0bd2815e15e608a572d603418dd20828c9ab617933a024429e27ca25f136d6a64ffcd4f00f1a2ca0e7c9dd9b4714611148215047e34107d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
780340cfa221de3f0f9bd4ebdd9c9b01

SHA1
3af3c0d3dfbb9dcd3811c91c7e81c61c600636bd

SHA256
521233d6296f4df55616dab208935fa859fa6d8b444a33ca0c27312c40f2befa

SHA512
d4d00b087910108ef1aaf8e90299c55659d6f93416e12aa7e2774a67b61d5e40381e1c988c476ce6cb4d06c105e8ac8787eaad76c487eac88eca0fb60fd29a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d70adae1fdac7b9eea8b60446206e552

SHA1
9ebe3f3f65ce749825df97795b8f52f18f0d5887

SHA256
ca1e75a0384e58fe41fea346a584d1d0ce8526611747995544c5fdc385f989d1

SHA512
39a9bfd5787e79baf8ab2d88477a33556cfdbbf0c19416abf0f262c77826087f9dedc0decf26d15bb2c43439ba81a0c3784b05661cb945fa057c55e664b5b211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
52af5e162bf56a58ba838be7e651fa88

SHA1
aa9509058f1c4dd1b215b320d9431ac8a3ff5a7e

SHA256
b0bc6cf1ce8756cc1dd78e4d54b553a5312502cca6f8a818b901ebf2b08cec13

SHA512
0934dd4b3eb4def960503ec217a515468a62d8d87b534b58f0cfd0a3e80373e87a34ffcd59826c2c709a2a2d73795690ba6278fe8c33dff8332322403e7080a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
cef559ee200a34d5f63c3d3744b2066a

SHA1
66969faface7aef2a1f4ee7caa19593f7083f92b

SHA256
00b38a38de10fb255479773a4edcc310274876105e5d0f06b0957181c187dfec

SHA512
8402819d3156de4a1d84c924df7abcff19de2d78a50f9f282890becea68012d8e7e7a0c7bf492c34aa1543e11125dbb8b07a8b0211b5a10554a3fdf2524c9139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
848efaf9ade3ca0a86931cd7dbb7a945

SHA1
78e2e3edda98b63479c9bd3e75d8938f7e74434f

SHA256
b66b119b6f45d8f08fd7d55638e97546db9b8e1497459ad9fd3b02d5bab30229

SHA512
5bed0e7e22462255b6732549bdc8dec0f79ce45f10171b397bb862b2e7c46cf8eade3c2643c1a049bd623b80b13e69d61e58728053d394c800f537f61381db4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
e876d9ab34b8aa429cd232dbda47e9b0

SHA1
db4ea7815d316268757cd93f05d5f254ec8dc999

SHA256
32603a32898ec0c863621ab60977103be08df9a9119594689126b074158871fc

SHA512
41f7a251a652b36caa4f2344567d625f928dfd2a0848ae3454a900ffec4f3ed522e4c378e92d7cb36b57287072cd1f2c4ff2bb2fb23311e658f60d2d90f4aeb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
82350a95f76ef91cb17f45e519956862

SHA1
e9c95c93fd2be29da8542a0e6424d28d326c2fba

SHA256
09050c200d02720a5e955f4e1a520c03552bbb1ed598bfd7e76a71456d64e781

SHA512
ea0a57091c0b31aa97dd9b992ef8e7828eb0d3e058edda2ba2dbfae9f852168194e8c6572f850fdf0563b45e2ee816746cf88ebb74331eeacf251789e203ca72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
a2de0b46a308c29e32827d3cad903db6

SHA1
b33c16eb137f635c8841c3742b287a19fbe2d6a6

SHA256
553d5f53b2a34f0e96b77561ada578d76956b01e62ec5c53200b14ee4c1d12cc

SHA512
941b71d419e94875514f54fccfa92c575be39c7b2caab7e3736f63e5978b1c00c863906dcc236595b2f67da163a5164fcb283578de3fe664cf15c73a800a501d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
93edc85f9cc14bc14d616dcd31e07451

SHA1
fd1d01f2b7f579c0b92188a21bebb4405b12f13a

SHA256
8efbbb4ad8594f29c5af49921871c4ddd9b77347d1bb4e039527e48ba2a5792b

SHA512
0fb0d696b118cd98bdf2706ff522b1263e025a6ec9795e40cffa041e145f2704979e025e9d0e6cc66b251ebde5881083555e5f37a6321fc5266df2662e184393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
05021891b39ccc8a47788e513a3bb91c

SHA1
fbea718a53157e62290c4747d2b615d76bbb8c2c

SHA256
2f8b92a68b64c8159aa40f55f642f7744a216d4c5c8622f8d25e81b800e30032

SHA512
a39f4683c6ae20d803cf453e45350e88e069f653084c06940fa94bf7f0fab3cab46d8cce8d7b4d205d0d560583ca21caa1665ea539285643f474fccf60026344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4252ee41487f9747b71d8568a532f82

SHA1
67752936850a2248c8bcacd6db84d2456f2eb5ef

SHA256
0b70ad77671d2a6afcb411e7e8ec7d0bd8e6b574a9da1058d2f2a2580898b661

SHA512
8e20dacace7bb772432458a32b96e55e393f96eba7849f5850bd24513abe0aedcc9d4baf80ff4ba8a1aa836927b7402fcec85311e32f8c9473123a0ea53996c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
deb85594e97ff0e8f27f50bd887bf6ca

SHA1
6010517313b83ddd465c696667b3e9506eb0a83a

SHA256
3496571275c6fa6f024e2ca484dfddb44615c7eb56b9d9b49d742d614010cf63

SHA512
fa276c44328c62d335101dc3575b7f0b76627cb72d3798de60818b29fd8ff9a84c1ed3f12c948e4e48bf17d7ce044051f680910ab43399f2b8e76217e77b0737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
769bdf553a9213e7114d6f6417f62a0f

SHA1
c7f8f1c8fb6d5f4fe5e52c59cc4039170e62217a

SHA256
01628a561ad23993d529c955c892e93d58c7cb3f52878910c5ccfc0ff2d0e94e

SHA512
77cfdacfbca8717f0058b4f772b60a8337bc95b93127303a1cc2c10c4a603c5e5f3619589079820c6701023b804870edb92588793ede55c586bd6c1a34b4c174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9f78f05764397b096cde25313056a8ce

SHA1
442cd2e6bd7ba2fcbb89898701f1b0070fc43f08

SHA256
046624f6f1ea5a7b8d4d00d09472fa0eeef76c3723ded14c0ebaac4858a03d1a

SHA512
fc004c92d81e76cbc6efd1aee68f98864bfc503561a0af52e51d7120e52d10ba7d0bdabff5a7bb6d8d2e963613e813684b76b08aaf19977a70c942099aa4a18b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
647b7606e02db729d7a38f52ba8d803d

SHA1
28250f77c581d3ba1e4a8419c2b1748df1cb3b90

SHA256
8595177878a01a60633117a0bc837f05eb6fc46a17779e7d288a293f707dc192

SHA512
84af0c1f8a1c487210b311e475ce567ec97c52e081f1f2eb0e770589c6fde5cb3d0be1e8532a191621525844e7805c461f8343ed818773b34fe3f23efadee65e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2fb78c2718d6f9d8f2092123ccdb30d3

SHA1
9d166c2adc4daf27a10fc581998a9362043e2224

SHA256
6c9fad92c6df3854d7611de696e85f1064ee264500661a5fd68d48bdc7c4d6b8

SHA512
88d681a6781f86fa2fe9eceb3b66df02106ccc4ce0343fb9fbdbe36d4aa5893a6b1928608316822f5b1b6abeccfc20eaee4f4ad371d5589942a75c4a12b60743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
8edf9fe4fcd2ca8ceb1871678d385f11

SHA1
a977f917e65979ee68fb02104a7491e93833afef

SHA256
5023d503d7e716a9e06c12ad489083cbe6730b9c7f1c98a11fbc0312d58a77b0

SHA512
106e291b9501dcbe0226cda4aa4de3b8c3b00ebd883a724023ea6b2f2134a8a6a80340806fcc642d8f35635dbe3a4e005adbd9c9f89c06010c9ec03c7395ff85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b1007bfb-fa97-4cff-942b-6134f6cd9bca.tmp

Filesize
10KB

MD5
39bdeb0275d58ddfb30f84f368a40340

SHA1
040ea360e4a08f6870ceced47c04811cd86eece4

SHA256
a1dfd9bf361c16ff1eea35047df36613db6842830d0238b47774d9cde9924e82

SHA512
b009cf96a0b8b45e5ab90de950b68d0a91f42ff53f5dd28438fb80be6552d07214c4e7ad7d0d54b573e57064c2707ab51d70afb6c935638580fa229578f6bce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
e43e25d438cbeada0ed67e66efda8183

SHA1
502aad1e4b8e295d282b2b463a5920f3c38ae876

SHA256
61ad5445b067fead61084dae71cea55605433b3fb4ad44863e3b0209fdacea69

SHA512
d3bcf1ee8a2157bec9f27161e6a12c415e568adfe695e6a784f98d1752f233dc4601abb53dbde78dd2bd2f62f66dfc3c9a83d1b62d57660497606ceb40b649d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
423f9830346991638fe04a8229846870

SHA1
de87d31ef96ff2a8486a309a2f0635c0cbd27092

SHA256
5a01580a4310a21302e94b5cc8221bc8c5cbde3a46062edd6f117e939413d187

SHA512
2e6d4875a3e9ffb446ec5fb84bb71866672890819c5898cb44e1de5bfb38a3be591e7e475f914b25e2159f62a71df9b563ee24c16014511c112960baf699183d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
d9321033638d3cb0c7eb3c9618aac7fc

SHA1
8f3e6bbe79567a0f677d465ab7b01aefad66476e

SHA256
74f9c5c100da3a9ab40b2ed27d0a2506028404e6cfeec32f53f3fc92a03b35dd

SHA512
86823352d3ea721ebd9eb0fc358c4a74dfb3cbf5595166bc7c2847b4e5d19bbdc372c084d244e7493ea3c5826eab5f1325e075d0de3a68fd60dc757621248490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
c28a9a6be3ccbf6dd272badfff9e5445

SHA1
194033a61e895f19ac82ba759d31a6acfcbd597b

SHA256
54c4aad7a3119fdb5b610532fd768b0533087c06b30703463175f023dc7f3bfd

SHA512
9b64a52e229310a396c3b2271f2e47440c4e6b0f2d1d6dd0b6090f04e06d619ded66c1e8878a6a59ea63a6269d45e3955cf434f2f63723c0b243dffa6771de68

Download Submit