hxxps://plhn[.]pw/HWR

Analysis

max time kernel
299s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19/09/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://plhn.pw/HWR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712405517203533"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe
Token: SeShutdownPrivilege	3368	chrome.exe
Token: SeCreatePagefilePrivilege	3368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2356	3368	chrome.exe	73
PID 3368 wrote to memory of 2356	3368	chrome.exe	73
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 824	3368	chrome.exe	75
PID 3368 wrote to memory of 4140	3368	chrome.exe	76
PID 3368 wrote to memory of 4140	3368	chrome.exe	76
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77
PID 3368 wrote to memory of 3644	3368	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://plhn.pw/HWR
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff965119758,0x7ff965119768,0x7ff965119778
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:2
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3928 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3684 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3676 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4440 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1832 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4516 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1804 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3804 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4676 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4524 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3184 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4456 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2320 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4404 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4108 --field-trial-handle=1896,i,3271311099757883688,1025291747623478735,131072 /prefetch:1
  2⤵
  PID:348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
898B

MD5
3ebd98e51863a69448e418da94fcea0f

SHA1
090f6fd4eb1f71d31bf3a0e53c562a19a89e7b44

SHA256
aee6e926a3ea65ef036ad2669c76620c40da2604f909d92ec443e3354fa2a480

SHA512
e95cdee71297c423476483dde8e33a06f573922f0ca17c15a7137fa3db18fb73c7a28b891253a920562231b124cc63ee4a619f9ecbcfbad518eb7741017c55ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
702B

MD5
4c65d83eab5e1d327ce53d74d3b496fa

SHA1
d3e183b177c33ca0df044d064de6a181e6616c09

SHA256
bd5a523a69d85dc0806db5a9171d0f3497a86e83462eb81523b7ae0b2f5db80d

SHA512
11293514d603389c7be93948ad3853dc1307b47a52ce6373db8d33eb589ad6a4376178666c29ff46866357f367e8571f3185fbdb5bec578d525b492bf62512e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
0eabcd2071c33b520dbe9e6016b7313f

SHA1
e146b3bfd8cd95b0f5bb6cb309cdf7c49df896df

SHA256
4fc437b55da30dcc147e6a3630c018843c9472d4579037c77ebb83fea009b35d

SHA512
7fabca99d7c83cfcd8ff8d1cdcd65a2cadc34c20e82a24a1cf82a3d3f6db549aa16d6d7f9a7a12f7db560354a158215bafd7e2ab683fda142871739ad3a96881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fee0c413fd084817772c737dc34e7c90

SHA1
e728e69350167df13b746ef6df2d6e28e4d6c9b2

SHA256
15694164edf8eb5f1f49d5ef2a33a178259caab1784e6dfd6f4cc90b25710ebd

SHA512
74b7e32c19bf11a6f5934f0dbe3f2536e8df8d8542e1f08c957cccac22e6cc623724cc136dce82eeb6f672240832edad9286444b664d00cc89495fa84ba3a168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0a6fce256e422d7b0e7877af59cf40bf

SHA1
dbcd613f8f13f077efc8ec2f938baed70996ea66

SHA256
1378645bbd053c5a78df8b575581c3131264510798fd7a5c75f53bd121ae0c7b

SHA512
416af3811afa41625f4b9a3a74698ce6117e94e19308934240d6d0303a66034c6077b9e890f554b1997bf394ec7cdb4a7d0c79178de47feaf873659724514e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b57ce73bae8665690567308f9f0a8cbb

SHA1
0641d4e280081f6b0cb9c0256393e0089a8c7c33

SHA256
b0bf26d4a04e30ce240b7055ba38d916d782aa4f3de5c6dcbfe61d823a7341f0

SHA512
46434853d6e72a41f79b7238cde5c707cf1902e5e2ef1a316df93334d05c46564ccbfc3527fbdfefe50eae0fde9281f2f963965d2269259fdb9b1d6a40a1f59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
3ff8f8f9175e8bc9a6988956478bd49f

SHA1
19f53d2c399904a79ffea3474f72d723d4d779d6

SHA256
1c801635b94bf1a40b6ef3630e9f38c754d2fcfeff83a2693abdf798fff6e259

SHA512
204e7920c3a9afd11759affebe9f433820259a6f511476dc6e64868201902129894c1c3811b0b3213de13b6b4d33e580caac30cb07760e8a049d97442c8f4d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5838c7beccf5366cc5522a7a4d8744a0

SHA1
607e94057594f0fe441404f4cca1ccb115a3799e

SHA256
92ccfcf54961a88287b62631f4c0cd8c3f231cd50c96a549f83754a43a3b975d

SHA512
872a51b9c9d4dcc721436a21c4cbe03088b3a89a5444e802991a92fb1067e6ee4fbef691a5a88cebe3907b13d728eda3868a96cc0ff40f5d7fe50d012a718a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
b85cbf3177024805bed9f818cf05c7c8

SHA1
cd02555f3c1d00dc7fa8c3a32d8805ef307a01e4

SHA256
99c9eb414f14cdfe67ca0c364d5f15c0709e5f364381c65a752794f9c1878ca2

SHA512
88ed67c6b14cecae0240a0ee15740b04b8737746570de04402f56ea18e9e82d12a3e76777b652d22f7d56dff0e38ffb204bc5d98e6c3d45012e8e70a60d31805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5873e3.TMP

Filesize
91KB

MD5
32c56b75d868fff9a56f3e3f261efae5

SHA1
57755188f32dac3823f47026dbc3bbeeb71b7b44

SHA256
e8a467f86b1b877103d256c2714dc04f41a24d7bccd8e4b1df11a13587a22ee8

SHA512
c0181712595dd484a432b1d8da6d5bcf7018e9743cd21352b7c08725209312b1e16216bdd69cbb77bc45a2613b81b8727dd121e8ac5878cf8c129f194b0624f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fad8b877-d262-45d2-bc80-08c500163362.tmp

Filesize
136KB

MD5
b1072fd7eff8d831b2bce59d396bd753

SHA1
7e28d84d416ad98b5dcc17e7c41041dcee4e76e1

SHA256
c702bb98948c7515d8cf1e43fa3187ed10320e13f37ac9d9063d0d8409bb5c68

SHA512
5b3fabd1f85d0c1c3cdde30a4f7684da82373075fea2756147f8ebdb088a132d4bd04192065606c93ae8bbd355e5298ce4e36fa53fe868238fa082c30ad55255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit