hxxps://nrzr[.]li/d3/y/1726329238/10000/e/lgrsnf/2683000/85f056f75058c793802e5535391686cd~/W_oVledyKAo8tYFY6PaSzw/The%20Hacker%20Playbook%203%3A%20Practical%20Guide%20To%20Penetration%20--%20Kim%2C%20Peter%20--%20Red%20team%20edition%2C%202018%20--%20Secure%20Planet%20LLC%20--%201980901759%20--%2085f056f75058c793802e5535391686cd%20--%20Anna%E2%80%99s%20Archive[.]azw3

Analysis

max time kernel
75s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nrzr.li/d3/y/1726329238/10000/e/lgrsnf/2683000/85f056f75058c793802e5535391686cd~/W_oVledyKAo8tYFY6PaSzw/The%20Hacker%20Playbook%203%3A%20Practical%20Guide%20To%20Penetration%20--%20Kim%2C%20Peter%20--%20Red%20team%20edition%2C%202018%20--%20Secure%20Planet%20LLC%20--%201980901759%20--%2085f056f75058c793802e5535391686cd%20--%20Anna%E2%80%99s%20Archive.azw3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707966152696630"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe
Token: SeShutdownPrivilege	1996	chrome.exe
Token: SeCreatePagefilePrivilege	1996	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe
1996	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 4708	1996	chrome.exe	90
PID 1996 wrote to memory of 4708	1996	chrome.exe	90
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 2884	1996	chrome.exe	91
PID 1996 wrote to memory of 3324	1996	chrome.exe	92
PID 1996 wrote to memory of 3324	1996	chrome.exe	92
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93
PID 1996 wrote to memory of 32	1996	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nrzr.li/d3/y/1726329238/10000/e/lgrsnf/2683000/85f056f75058c793802e5535391686cd~/W_oVledyKAo8tYFY6PaSzw/The%20Hacker%20Playbook%203%3A%20Practical%20Guide%20To%20Penetration%20--%20Kim%2C%20Peter%20--%20Red%20team%20edition%2C%202018%20--%20Secure%20Planet%20LLC%20--%201980901759%20--%2085f056f75058c793802e5535391686cd%20--%20Anna%E2%80%99s%20Archive.azw3
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4bb1cc40,0x7ffd4bb1cc4c,0x7ffd4bb1cc58
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1576,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=276 /prefetch:2
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3752,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4800,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4804,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5208,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5124,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4724,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3200,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3148,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5392,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5496,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5536,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5180,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3324,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=728,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5060,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5556,i,6504456042261594286,14363300496514599379,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4352,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
1⤵
PID:4804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7a03acde-534d-4a10-b8ef-e4e08bc42156.tmp

Filesize
9KB

MD5
51abea1dbbbd3ead0bdcddf045947e89

SHA1
05bf833e4948d862089c66db9067748c4616565b

SHA256
3ca6417251a8413591b5de33849f48bd345cda671599ba8b10571d33e8c03088

SHA512
32fde55fde09e05c4a7b5c91961fae1eaf9b6848564b3d968c35e2cf5b9704a7daada22804f4b766d81db5b4808ebcdea69925550503cc61e0626b88eb4fcef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
08fc4cb924a1d285f3653580a60c3b0e

SHA1
600930e7c69bde322d07c1ee8aaec25657a25d47

SHA256
d4972041109ef95958114f891c0a6b57dd440d5b2c2a70574ef0695b3dc54e34

SHA512
8d67a76dac77c7b1de4208bd56683ca346558aa952c2e7423a91d64509e53fb1e518a6f25f155979fb2af31971bb7ea195f2a0ac925da5d051dfe2f4e1fabbbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
41a59e02e11ecc6398b8d0397e187a64

SHA1
ea792764dfdc866482cd7bb4d22e6a0907a46231

SHA256
1ec90a523b32558511c56980237a16443512161b62665a275c10f50c68cb4366

SHA512
82f79467c452a9e666e595de04b46de595ee1211d30fab974e36f826897cffd6f71a9bf7b738eba3e4d7fd7ac2d4561f2915927a89698ec859656b054232f7e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
157138a85d3939b9e63fb6438ee4cf23

SHA1
c42f58a9160bc66ac7e8e1eed1c62b350af1671f

SHA256
cc097a001b9b733edf95ae5948b0be02e2cee6b1fefff60a567c70a5b8780960

SHA512
2d1c0f75fea4aa17b3037dffa02f180eae69793447ae7a6cae349726aac34057fe7a0faa13b12ac2d3a1004317a62590e6d112e1a0af026ecf0dd5cdc3231871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7acb24771c1a9504985672de5d1d1a30

SHA1
c52846c2d5290716a8d70fccbce7af82c5d786c8

SHA256
b6fe1f802a2e01de153866d531982e444691e512ab5c31300bb87b42f36bc027

SHA512
eae12a31133318f7bf5e12b358d71c4e78b80d82e38bbc293c84fbf0e8fce921f914cd084b595b85e6a42ab5be2d28da93f49309ee5ecdcb247feb79c3b303aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa1fc8f2a00d569c3a14306ab3355a3e

SHA1
6b98ce16699408043afdf73eecd12f5a6dd741d8

SHA256
3e8b6829d2edf86e409870608a010725b241a924d42e20066c3a6fa22f2fdbd2

SHA512
697806b149deadb939566b542e562af6db7e794e3dfe3eb787c667fc8851742deb100f5d0973626cf74456ea97cd9e9b18b8e13c1321aa0a21d111f19b073756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c255dc6c926f255dd4698717c1a2f53d

SHA1
9cae67c09f886ee90728543aa70949a35cb2d694

SHA256
92020c11de5755de282703b7b6819821753408bb3df5f9856aa5ff4c033c0f93

SHA512
71bddfd7b20bd0eeba34dd4a2d76512075964a1d129667d9a8e183b64c5eb39bd9dda2c64848e310179ef3757d6bfb73dfd4f3e80b5f906c6b7e8f3b05e05989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
247dc0b0e94751f0f8d64e629fc67e70

SHA1
92dbc3565342a1527e8975918279087e97e40d53

SHA256
dd81fb0dd3172e4652b378a96e25635cfb7df2913e4e3c7c20eedfaf914e0e14

SHA512
b7a8d8c1c4c38a2af8104b81eece1f6ec37737cd5806ac53d1e153e9f6827eb5bb44ba0c4c8a4e6ab0ab3534940fff2b7d668012ccc2252f6ebacdea999b75ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6eeb9745db9fd280228ea8e8bf4d3c91

SHA1
40f2ba44e611da481f6353a3a86087b3aa17faf7

SHA256
52bf1d5415389a2ef693484ba7360556efba9e5435594de862bc8f27ccbde0e8

SHA512
56e29d136c765fe7ebd7b1a89c6370d485151ee5176bd8a06f6b88d70ffaff00d0559020b4a77e0ab7a5f054b76473b3f8747525c8c19bfd14a8338ff4a28fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7211f733a481ab8a0d53d15911604b52

SHA1
1df2b151debbcacf54ade6f9ecdbba3344c8f88d

SHA256
b4bbfc953a615d5878c09e41f96c3feddbd4a56a90cc806b696a62755cadbb2c

SHA512
4d302401ef69023c8951f0d336441f91a092fb2d3fea7105dcd919d398e57c69641b44e9bf0121e8c50c7ecef47ed377ff7d68e0d3e2012ba9c834db0c9fad54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6f275d33480b5646ffeca87ae152eaf1

SHA1
eb3179feaf9df8c57209d75eb831197cb2ae7905

SHA256
b260cde9c549182f97264ec322bc2575469b5ecce173760d737b38baedce1f1a

SHA512
4245ee70d40d4d67fa5326ba223ca3876a8f250b37d80f7558b32860203052453a248dc0371de05af1c4d9c0b1cffb04d0f3e6386fbf1be288bee8decea76536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ee23c182c87336f0101a01edc0318a23

SHA1
33c8daa68754fc8e08b1fe7fc0f9f764df179bb9

SHA256
db06ca08d80d9369ab844720677506a596a0c9d74349bbe99dfacab5a7d58ac1

SHA512
da0a5effbbf2cad42b1d9eb0f7a95421db2a82a854c25e73885458bb272e22c09cef3dc1431605415d93feb10c1f3279cd09686e310deebcbf662f8163c441f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2f5990a6b26602bdd7039e15592d1b51

SHA1
280c6d5e1c8561e56cb1f23716a407c62923b18a

SHA256
b63451cab9918f895b4d521cc2dbb7c5ad41ce255148153f52b2238b9af7252e

SHA512
a706d37279862c2b5ceae3840703bdc66c8eb2e659348ec9b4ab89357e6359fd7ff654f342e4501b5f736775ba74ec1ffe5e180139996585bef7721ef62a5909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fe807bf8-2b51-4441-aede-9f50511c3028.tmp

Filesize
99KB

MD5
24b13f076380c1e73e4bdf34fe5590a9

SHA1
5f96f018ac9f00fd15749e1d70e15dfd909838a2

SHA256
fb2e8b9ec0175615dceb1d5aec3116b96bf9960c1f41d250fb1793a97e39a110

SHA512
891273e0bce5a2609ff4a34e1e7a942da69b9e970ea9582f9c302989c745b9ea3abefd23d1c1b421804c1ca4a8ad06d64b0a52659f9531cc35e344e29bff61a1

Download Submit