hxxp://protechonline[.]net/48-x-48-roof-access-hatch-galvanized-steel-with-white-powder-coat?msclkid=21aa2f692e0f17c0a073498bfb884a12&utm_source=bing&utm_medium=cpc&utm_campaign=*Shopping%20-%20Protech%20Products%20-%20JF&utm_term=4586406602297620&utm_content=PLA%20-%20Protech%20Products

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://protechonline.net/48-x-48-roof-access-hatch-galvanized-steel-with-white-powder-coat?msclkid=21aa2f692e0f17c0a073498bfb884a12&utm_source=bing&utm_medium=cpc&utm_campaign=*Shopping%20-%20Protech%20Products%20-%20JF&utm_term=4586406602297620&utm_content=PLA%20-%20Protech%20Products

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3996	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706334591577636"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4244	3996	chrome.exe	84
PID 3996 wrote to memory of 4244	3996	chrome.exe	84
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 3892	3996	chrome.exe	85
PID 3996 wrote to memory of 2708	3996	chrome.exe	86
PID 3996 wrote to memory of 2708	3996	chrome.exe	86
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87
PID 3996 wrote to memory of 4316	3996	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://protechonline.net/48-x-48-roof-access-hatch-galvanized-steel-with-white-powder-coat?msclkid=21aa2f692e0f17c0a073498bfb884a12&utm_source=bing&utm_medium=cpc&utm_campaign=*Shopping%20-%20Protech%20Products%20-%20JF&utm_term=4586406602297620&utm_content=PLA%20-%20Protech%20Products
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90daecc40,0x7ff90daecc4c,0x7ff90daecc58
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1704,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3032,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3020,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3408,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4728,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4936,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5112,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5248,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5584,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5680,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5596,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5972,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3488,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5800,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=208 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5764,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5824,i,16931246230628616186,8072783271218369074,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3764

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cc71263e1a9c084d280a8480ed45eb23

SHA1
ded4f38a8f0149719936c300c7b61c0c085ae77c

SHA256
ae64cdb0f8edc6107e7aaa80e955a207e9242bb62278615052b039b65894a43e

SHA512
c1f942441765376674291c7e99dbdd567af6af2a5fcaf5e69ff98f2fcc5a7449092d7d8039b83081f57889f1956a137ef80d406308fb3f15e0004b051f7422bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
adcd7420683295807e94d8e364d66342

SHA1
c93b40ddc30dcbb537bfbf3967aeb6bcb9cdbc18

SHA256
c31c4b4b7249e59819b95f4279704380e5218567baf707b1b73bc718a4ddb4a8

SHA512
979ec32b5f8104de014d229a84f1d571ab4f1cc1d56a52c0f55355f0ced88e37b10d7cbf389f6156b1469ee867cd20ccfaa7261ba6e986e413c7f16d4e8d87af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a2b3ef2a1471165be1abeb54e628915d

SHA1
d3df303f7326a382622aefa7a4aaf1be1229bc2d

SHA256
cc182c158c0901ccf0c0d7a63ece5eb62a90db823db5f497bd9c39e30c52c75a

SHA512
631addf4b5168365d10aa3c7a0566782555f8d4f8338ffea0c04049efb724ec7c77c0588d2776fb80af6a361ed8f4cc77fcc1f4a7d52a8f80e0fc0fe9828ef2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
6084a00304d98675e6ac5fb9eebb8fb8

SHA1
9f74ed51d964cb4c214260e08dde0d9826f5d145

SHA256
58e711451372a8377b9e33fa21863213d70c33eba5dc1049aac62d42685ab794

SHA512
3b4f1b209919185f9c642518a7c11610731d5d28c1214ee1dd24777af69e8e5139ead4c821270f752184db0e502767e39fd5eace8a8093d7a69b52431abafdcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7215c583d825f694b428aa86594cde79

SHA1
d775edff857b06feba5627eff6d282a5c6e2c8eb

SHA256
f01d91ea25ea4178c022056532cd1a53aa59c58020040715eeb86a5f5be8f0a8

SHA512
6152aacfe4cd15febe1aba5737e43adc5c0a6965a272e033d8f1cc0a42942b711c5b4ce49486490e4450d7a4fa7aee2c2a7be2f12199755894eb44ac44fb7a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a675c09cf1db73a3d60c8a8162fd860

SHA1
5aa35efcb1085cc48dad63c58374efe23e3a6c08

SHA256
3dd0e5f779b1fa484fcca693de996514cac3bfb3c517151ef7249a902411a071

SHA512
1a1f11169eb6117618e36eca3703923e395ec6eb7d4e340e737c1b03b08541ee9e1db06ae8964c8e09801b095b8f679a919a4a9b3a88c00a2a25b3e1eb725284

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1e3fd4f35b33ebf401c2473e58d1a122

SHA1
cc6863fa40b783ac9b0fb127f2c5e13d03ab7c6e

SHA256
a8e6e0a7c97e9fb1025eecf2453916d21dc99c2119824fb9d02cd08788ddf939

SHA512
120aa1d7f003531728087b5d6bca10c04884e1cfe361aaf01f74b18531b1ad38fb446d008bf52b4ea42eaaa037168d35f506a5901bfa6b395465f13cb2adcd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c790a83d2aee96d87ffea846139b179c

SHA1
83e8a9df74e02e1335a4ae9bbe0e7bbfc0ea052a

SHA256
496e436be3663902d0b344a72af9a9eb3e1548fff5957160279ace7abc1cb063

SHA512
04d50cf524515bba7178e6f470cd050615c2650eed85ae8546083100ab02b450ebcef7f69b0e7a9bdbdd08ca683e045317484ac3eec2e4e185ce2bdc565846b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c594827b6153a384fe4e903299855c5

SHA1
27627e8723bdba3af032e70d269377e8130e98ff

SHA256
dab4117696fc2dfc0fcba2883eeeb0a217474810a53a5ed2a491816325f07418

SHA512
15872da5cadd3b611c21ecea66328fc5e1641001c4495775d1635632807bb53fd241836873c647714e51f4b072fc1b3c2e9f1ec5e0f7fb015d22099822f6941d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96b6f2d1a8e9a330ac65de19ca855fb5

SHA1
5fad3f3fafc072fa3658a083b4241ceec5c5ee5a

SHA256
46c69073895b09765fa5ca936574b85da002d00facd4251f0b9d83afda504fa0

SHA512
cc703a8324d5c380c4ee208127654158cb314c5a3e6d0564a4ff38c7510935b8b2675ad7c58b88cec5c392633121cb444b9f2e8823fea565c24d4c80cfe585ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0fff0ad2d37df4a99913d8ccab8d2806

SHA1
8838d2d8278bc40d38cc6827906f792081a1985d

SHA256
d01b4f3cee3aaaa524ef9c465f629a454877b2ebac9c94682a7d8733e9719900

SHA512
9eb071c6ba7c9b236c931124d479749457a09ce77c49a78d31aa297339060329cb235cb0d71c6b8ae31227215daa17e361c341efcd5a7b1e62559bdd48a2a6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7fca4f51cb8203970e32ba5d7ee5fba

SHA1
cce2ed73ccd584fd0f897079ab90ad7860b0afa8

SHA256
761a6c07f41e522d4dfc6e5a3b23772410adbd04aa72253c3046274971b938d8

SHA512
106a30ecc29ebd6f12ee85b695b179381c06043b380d1b5aae70036ba22452966ad4dfeee218bcaf6a0715848a992124ecdad294db62a81a28a99c820b486b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39b95fcdf99072116b45b65781d0c41f

SHA1
b87a8ea0b42af6a3778f57201d468a74f25f4b21

SHA256
90fe7199473fa6f3e23130c20c65cfb822e290375e39536408da8bce524dc761

SHA512
04aa93f97cc53478f30f8c55a7f43d83e264f95e3ecb15841c1703d74acab926cc0efbb76f4fbe1c564e065a7db078abd06ea2752bdbb05497bea942a4b3775c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c305500d773cfb042ccbbeb29b9254ce

SHA1
c619073a933481f4bb286dcf522547dcea3d3d57

SHA256
bf78439ed479d752718e1308439afbaeea41bbd35fd177f37f5c001b1a95d48e

SHA512
8861da15f5a058b38c250982e3f9d989f864e8272cef2dbe3df08372bf973b857373d563032bc14139f3a1b81dbddf95f77af8df883aad7d12478d56d531de15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ff79cb023fead98c104db60bee28b0c

SHA1
93fcdb77ab84dbc8af50ddccf114510b149774b2

SHA256
a2dbc3f03379098d952f81842f42b8f5b9740755c040da8cfe856f59605b46b9

SHA512
8465dafac992d61b3f497f8a19ab0655b1db6ed345d56908c90a4cd779d5670619f2ba0f6ae00c354046df5fe96f074bd8615895c5642739c35904408c5cbb89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e60315cff9bd3fece6928f5ca6bc563

SHA1
258761780b17821a949f235e76c6d5503773f1fb

SHA256
2eb571841acca1464e282d866903bc52b42391ab8ab9b8e4be76529fe76fa714

SHA512
4ec3a6510beb3eb75aacec44ba87942aa0b267fbc1913ee3a6cecb775a37494e9bb3847ce32984294bd4bfe13c24b9f23b0d3bd897dd6ae566329ca23a26c4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ab77d13fd0d9294c66406bffc86077e

SHA1
6dc8549825484fc5a3c1f5fe1568da82b77e7f6b

SHA256
eb558708ae10a563d477ead40c9c57195bf98fc810acc2a364243a14972cd0d4

SHA512
542b7e7f9d6847342bc865f0787fe08d0ddeed2e8ea95e540d80ee400c96973d81de9024c759b9f9202d54bf06b8795605b8a9c9ffe391405f84c3e77ad56679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b11693e1ad0a693942ae963f4149607b

SHA1
06998e3e56370fe126f73aa4c48c7434284c0309

SHA256
798c33ced324a91da15e8b869512df81166656885d76ceafcea9688504f47e4c

SHA512
e620ab14a8d9a9e58ef3bc6702e11b2637d5f4413149a423b4015bcb78cb59c39e7df0d4c094c5c6b625877ee2696eb64020bcfcff919bf81638df317f1bde09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3251e67cd19c8745604c36330590aeef

SHA1
9f7e95681c18d176e6b1affff8f4627acee3123f

SHA256
ca899f0c3572b7873549bb0760cee7e2a324e411ed3864361ae867a0a2e363ad

SHA512
bc302663eaf379e788eecc6328db9bb2264062a4a891733170153b46eb4ac1f15197333fdbd60cc05e1559b66fd7438b1a2ed92755ed8d3ae1070eca4256faa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e6d5f732-c896-44e3-a696-5b0f653bdf33.tmp

Filesize
99KB

MD5
0e0a8a3d4ab1ca5ec609695e154c92ac

SHA1
7c4c4adafc90f8249360d20c45262658d9669cb0

SHA256
68d03d0e286b27dc847fb78c695359c9665e12e6f2d1da5d5de955fc0104ebfd

SHA512
5ddbe6dc3ac9dab2b41cd78b64c77c1dcb7b2dda851e872b433d0772a4bd454fac9f21b9f658573bd19ed0d02878f80ecb3ad6ed73e89598b79c3140e6364f8b

Download Submit