hxxps://ecp[.]yusercontent[.]com/mail?url=https%3A%2F%2Fci3[.]googleusercontent[.]com%2Fmeips%2FADKq_NYb95ftFwT36JnA3GtA3siIuClzxufG2Mhsh9FUzVsxRvSbbhj3Ma6pjyd7ajtOOmtuXb-ZMepzQ5pJFPcLwNQ2pDo6VIjmSbaaL_0PuokVxUDDrajzdS9q1HGEPbAKLnq3TilUHxmNm7wSEeud7v543ltTMzjk5F0UKzx5VhPOqvhVz5M2TEjgujW901TlEc36%3Ds0-d-e1-ft%23http%3A%2F%2Fwww[.]inmoment[.]com%2Fwebsurvey%2Fservlet%2FBlobServlet%3Fs2%3D4e35747c-4dd1-41f0-a2c1-b3aa9cf01ced-3b%26v%3D0%26type%3D0%26t%3DsouthStateLogo&t=1725797837&ymreqid=34cd6bdc-580e-8cc3-1ccc-dd000401f300&sig=7CPVjE7cuOJXk8dBbMHT[.]g--~D

Analysis

max time kernel
103s
max time network
106s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09-09-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ecp.yusercontent.com/mail?url=https%3A%2F%2Fci3.googleusercontent.com%2Fmeips%2FADKq_NYb95ftFwT36JnA3GtA3siIuClzxufG2Mhsh9FUzVsxRvSbbhj3Ma6pjyd7ajtOOmtuXb-ZMepzQ5pJFPcLwNQ2pDo6VIjmSbaaL_0PuokVxUDDrajzdS9q1HGEPbAKLnq3TilUHxmNm7wSEeud7v543ltTMzjk5F0UKzx5VhPOqvhVz5M2TEjgujW901TlEc36%3Ds0-d-e1-ft%23http%3A%2F%2Fwww.inmoment.com%2Fwebsurvey%2Fservlet%2FBlobServlet%3Fs2%3D4e35747c-4dd1-41f0-a2c1-b3aa9cf01ced-3b%26v%3D0%26type%3D0%26t%3DsouthStateLogo&t=1725797837&ymreqid=34cd6bdc-580e-8cc3-1ccc-dd000401f300&sig=7CPVjE7cuOJXk8dBbMHT.g--~D

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133703599388578713"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\mail.png:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\mail (1).png:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\mail (2).png:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 588	4720	chrome.exe	80
PID 4720 wrote to memory of 588	4720	chrome.exe	80
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 2644	4720	chrome.exe	81
PID 4720 wrote to memory of 4600	4720	chrome.exe	82
PID 4720 wrote to memory of 4600	4720	chrome.exe	82
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83
PID 4720 wrote to memory of 1272	4720	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ecp.yusercontent.com/mail?url=https%3A%2F%2Fci3.googleusercontent.com%2Fmeips%2FADKq_NYb95ftFwT36JnA3GtA3siIuClzxufG2Mhsh9FUzVsxRvSbbhj3Ma6pjyd7ajtOOmtuXb-ZMepzQ5pJFPcLwNQ2pDo6VIjmSbaaL_0PuokVxUDDrajzdS9q1HGEPbAKLnq3TilUHxmNm7wSEeud7v543ltTMzjk5F0UKzx5VhPOqvhVz5M2TEjgujW901TlEc36%3Ds0-d-e1-ft%23http%3A%2F%2Fwww.inmoment.com%2Fwebsurvey%2Fservlet%2FBlobServlet%3Fs2%3D4e35747c-4dd1-41f0-a2c1-b3aa9cf01ced-3b%26v%3D0%26type%3D0%26t%3DsouthStateLogo&t=1725797837&ymreqid=34cd6bdc-580e-8cc3-1ccc-dd000401f300&sig=7CPVjE7cuOJXk8dBbMHT.g--~D
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee3d1cc40,0x7ffee3d1cc4c,0x7ffee3d1cc58
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4228,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4820,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3400,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5192,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4328,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3448,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5228,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3680,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5564,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3396,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=736 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5712,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5568,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5920,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6064,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6176,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3460,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6388,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6536,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6948,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6972,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7136 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6832,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7244,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7432,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7536,i,6499808192623907935,9948199145181357466,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:2476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
abec35d504195044dc86549fc2994867

SHA1
5b870486b42b74f07516964cbd11958955eed8b4

SHA256
850833ee7cb9d19293567f1fc6e06e337b19c0ac775ce2901a9d0bbb5e7e4435

SHA512
4618d41b2b5e4e55daec40daa5eb3a427c53fa06a272f4f695eb48ee0900cc9e1b2bf8b685e7de2791888b9d8c55391950390030b4182ec480d00bce09dfa6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4182b43e-c11a-4aab-853e-867b3b54e95b.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9258901beaff46e18714e4ed3c65d60

SHA1
cf82567458712f4ab6accf6d297b31715ec02a74

SHA256
1f66c54a74d40baa05783c53b6c44c77ec702ed4114c2ac6de51c245ed554474

SHA512
0beccd54366cfe8d9420b3cebc0a215f87fa47b69f5d4585eab7b093cb00cf36dbed1803e0abf4361e9670fce107d7ee0156380ba603e487d31df2f0522c2bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aeef8ed6cc275c6029be4ee063ee9069

SHA1
e62879d18a0d4a312b066ec8f0252e1a6c970742

SHA256
4be0e843c49a26d28ebcba3eb7c26cd8870e7c8661c8ceed4ba64130e6f4c2b4

SHA512
f32b630f50e63c3919c6a14e0c619dce91a7f5aee3a6a1edbcca4ef63ad7bfbd32d8e612537e5f9ed1e509d5db8d26f3052e7fab95b389c2ad04ff638999de74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
97f5540d790b8cc2558edbf52735a0ac

SHA1
2fd5590fcd45700d70e9f1c89418b4d76b837aa5

SHA256
4953d7c16bb4907c74696d75eb01c576bb52e3d14a293b9dd03a66eba4771b2b

SHA512
d9491db5b55c334c38b2f6006cf65f8293c4ab4d164e6df644affe4bf3a0e958d24d59324a70c7f125f3fca4b956bdc64b5e21231941507c486b1fda0960acc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9c2566a9b6976c2035bbc54285044b4b

SHA1
c3fd105a62686d52dfb35f17aea9b736a4bfb5f9

SHA256
a1da2e6c094a036e436abbffb79465e79396c24cbec89913cee01f5c7b14f124

SHA512
b54b1e46b7c9faab15272a52b654139909a5d3bbaea70e6fd1756996d10062bb9d411f062a674646ad94f6bc484fd6ad9abb82632ccfb393dd0a4bd3e565e1fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0cace48c392fe08845df624632606795

SHA1
48897e63955b0cbb882fdc9f687273bcb531aad6

SHA256
31765fc87088ad2dbf19cf26726d50a478c657429709be11e9edfc691089504f

SHA512
1076157d8318d8ea60f0d1e03a07efe8c8e8e039f77d14fea60cd7337e0d6b34744ab81018c1363746af71f5d15eaf7fd9cdeec5f74d925dc4cb191b35f99b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6f922671dac8422e34b82ddeb80807e

SHA1
211105d3abafdac90b70105f821bed9c6faaa059

SHA256
1d4edf60c26ff672e8f7403078439740a648827d4c258420c3265be58bdc3666

SHA512
c1303d3d2524368eb0b2adeae96058bc22ae313aa091d8641c48e4479716e61c535dc1fb754b3f1b18ded87b6b7998b716a9cbb66566efcdb0351bbfa7c88771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
344c25baf96a90eff1c2f06da00506da

SHA1
a1e181b2a9eb86185a5dd17c8237163c2288746f

SHA256
6edde51b70c4d591d3c6f5031f459aa96d54b0f6c2764fd4101b95997fe0cf86

SHA512
3688b53144b19d947de46c072b2191f408eec57b7a29d0cabe8d4aa718b46bc7df54ddf8c8bc625b46bb7b67880d13b8ff00950b3a96eb04a58ac58ede9cfe03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7234d85a23bd2049e8fe3c226ed2c3b3

SHA1
c8833c126871d1909ff0cb8e7b1f1e5842a14b38

SHA256
fba06ea67bcf66eac6748a135de08cc087425dd3234d4475f0816c034e258d69

SHA512
92daf417755d88706cb10b99a9de24dcacc2c19660bcb0cb1fa871bec775a4db9b20f75841b32156762797b6b02b73da0ecbb00d7ca1b1907bdc0262d234fad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abaf3051541a0a1c478b299ba644775f

SHA1
f6b30d843ebd7b0da6dc6f2f14216d5184602fc1

SHA256
691d92b8da9583563e672e48aa0e4b4f3e431f45a5b3eb6731c06f5e70c1f5fb

SHA512
28bc1f3ff927cf842fcfdab2fee41e3e98ab5e8c8cfcbf6d36bae213f0b41b7a060befba9a3bf41ad95c166dacaabb3a30cbc6574a09899b6ad13d48e2e93c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1fb6d8e2058710240fa727f9ccd5ad4

SHA1
9069cebaad9905f14a567ad9240a322dc7848823

SHA256
85b29ab1a381966d81910602d97abba128df220ef4a673c6dae3f824d05863d9

SHA512
86f0ae60753d73b6bd76ef24367ea9107c7f63474af80e56eb7777746a991fcb3eb3523191e2f56ec38a962680d5087c0099f6332b1b7fad06342884099f926c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51af6ac5f905f42a83231ee88e3f6367

SHA1
fb612ff3e9c82044a83cbea148823c7335c47595

SHA256
d7975936d050ac0fd80d7488f1c7319af929824ab751f096a44ba58fb29b1f07

SHA512
49075fd803ec0722a0343ab2142d493bb6907a4d2bb032cfce08c6410b351dc97686226ee3883c0eb18cff23efab3c0606b93c6e82fb6ff6a7b221ad1c993448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15c073387ffead849843c1c025da62b5

SHA1
52851ebd24d80a7b1b7edf8bbad296b6d6caff65

SHA256
2ba7316c75376c3b6ddb5808f84d86081963944ba2bfb0d87f91fbc95fbdd363

SHA512
5148616fd9a8fd9482930ddc36404c8fee761effa1b665feb65896c09abf112980471b954fb502f976957e4cfea3252277c526946a9d53106df792f1d4d20b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e4a87f77175efe14bb5d71e4bf1c45b

SHA1
cb2c6deec012e1bf81dc2b794919a510077e80e5

SHA256
8e7dd57aaf2b11916b71cb3ad5f929fc1089e6af9d25f849ad7d00aa9e20c36e

SHA512
b4eca35e7de3f7a524493a9187034ae2f9fe0597a47b4071315949ddda87dbbbeffc47b9cf3d7ac9d85514b0e7416b459db97691c114ef1261eaaf3fe2d078ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
63b50742268bd16faf80f97ddb9e4c08

SHA1
c2e524f6bf3b43cb7a4c3fa8fb3ac02e049d6d12

SHA256
685a029eea86096d203ce44dc3442167e3337886c26e7e820936c096ebbe84df

SHA512
663923b6911f41109e3102fd2b85ef77b0c22c2e79b848680d23332844110cf9134b8772d8f0106b9eb23451b2ccc9394e3e89af7beea2e498b85a8034ce151c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
ca50727c4c0df48ded2a208e96d64014

SHA1
46b87c59fedd376135df56d851b4e31fc38eca15

SHA256
5924245fc32087bde4da4f2a50b1aac73fbdee3f2abdf603caac5a68c0f81c05

SHA512
bd4b9af7f35fc08027839225dc2c6767491f6ae6b207951d83967f51186cdb20104e05c2d2d32464e0b42d37bb92b43f9cd28868afc8eaaffca2f2d0d17c1a46

Download Submit
C:\Users\Admin\Downloads\mail (1).png

Filesize
8KB

MD5
e19b61acbf42673dce9a39aa36e2b0e1

SHA1
dfc80918ce94383cbd4f9382ef394af5bcd59d59

SHA256
4ec335889ceed0e7c3a4d39880799badf37a24283888c138541bfb1079972062

SHA512
308b8066d7f6a546137380e0df797275d491537fd6399b4c91051bbf1b3c04719facc97c5e43f9f6571752ab5012e4bd3045a5975e213afee068ec72efd6a633

Download Submit
C:\Users\Admin\Downloads\mail.png:Zone.Identifier

Filesize
581B

MD5
163fe3668d19427d4cfa4ad6c0769895

SHA1
f00a468de4d49f80c0ca075226d451db4742a17e

SHA256
9a4a3e8e35de40ff43d7c37a5f545176332d629223989bb9338495bc3ececc67

SHA512
dc82f43564ca64f53110f48b7ffb683b276344af969809894eabe7e24550448090533d687a703e40f4c96c3d338da2328935d3da7f3f08e8a2b8864db72e9a75

Download Submit