0c0d0317981aaccbc47b6ad8179020837648e3b81ac0c26de395cf5ce6ac2d1c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 18:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Artemis.dll
Size

2.3MB
MD5

ff5398ae17c9e829a6b0a00d930d1af8
SHA1

f59549f4ef0b2fb2152916154cec1911e09de0bd
SHA256

b4c0b75d62763bebec0d16c2108f714b2c2fef22c9c520964398d9202a1ca954
SHA512

4ed1dbebcde12c84f12c3febdbbad562f42da0bb65c43e7dc7b8213b93bc3609de39683c13411966f1667a03c06b279f509d4da26c234963215022d17d0e46c6
SSDEEP

49152:lLULMzHf/cHSk0n2Uo/7HG+ZHDNy32i78:GLsY2n2Uo/7HG+ZjNT

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721080183176403"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 3592	2968	chrome.exe	98
PID 2968 wrote to memory of 3592	2968	chrome.exe	98
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4900	2968	chrome.exe	99
PID 2968 wrote to memory of 4992	2968	chrome.exe	100
PID 2968 wrote to memory of 4992	2968	chrome.exe	100
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101
PID 2968 wrote to memory of 3660	2968	chrome.exe	101

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Artemis.dll,#1
1⤵
PID:4604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd00f7cc40,0x7ffd00f7cc4c,0x7ffd00f7cc58
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5084,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4036
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7f79f4698,0x7ff7f79f46a4,0x7ff7f79f46b0
    3⤵
    - Drops file in Program Files directory
    PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5132,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5208,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5128,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4576,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5440,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5012,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5384,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5360,i,7198650936376594831,314978863154253483,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x50c
1⤵
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c1e7f517659a84998b5010a600559243

SHA1
a894346d05c5a2bcfd11a6ba00fced2e30cdb92d

SHA256
03144652e91be6134b80b9293bbadb1eb449a6d43cf9b2db122e67e60de52d06

SHA512
6d8c2cc7d7a0bd360d119c3ecb408c799ad0c22c780a3c33e9ca7f9d7544c8912c6b000b5a43ac68000da985fb70523f85e6e0aba24a37834cd3a5f2281e2a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
726ab484d979351154cd7fdd73083eef

SHA1
0737ebfbbb5d4e59bb14d7f3b78233be1a150d0a

SHA256
ca6283d35862257d4f444fdbf6ceee1296ae4d2924816c28776655a3c11cbc5d

SHA512
09422daafdf39ff677039dc25b2612b12e5cba8a1dfb1719371d05e4e1d1f69fb1755650b08f7396ad3ab4dfffc294affc67612cfe4136dec89bbc5df94b34d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
13d8f98ed219db215af5268231cd274d

SHA1
575f67d915e4c362366b3fad498185df54f71ae2

SHA256
b3805e7ded3f400161e8180ca4291361d6a603ddd6f45ccccbae1f860501a087

SHA512
3e0edb50904e535594baeb8f8ac97980c35a4689fb3699d6ec56cf848c99cdceaf441bc056abcc5c7df0ac13695f6d84d563e66fc988b5709497a956e9533ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
5dd74e1dac15a85419abdaef2d7712d0

SHA1
acb30b62f6553b2cb1ddb47764e5f8e5f0be5894

SHA256
404c3ecc9b6a2c9f668701ac1e705cbdaf5454c31807e632332b416ba1b75566

SHA512
700cb8ded237c5dd2fb4d14289a2c8b286ee352c618e83e7fab5fbf32e780ac7956b218b53d04d90336b0f91efeae99c0b685e6c1ce20c6eaea4ff708dc055ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
ac1d8f61b8e1cca86542976ded744c8d

SHA1
c1365326b120b2ec225b5a962a90f47f1faa113a

SHA256
3be594b790ab1473b3f60aa9860b160abc8f2e4b2498aab8b60fc083b8093a71

SHA512
b796c77d8b2a616368506ed08ba5b4d3ee83fed0346a5e107793c6fde0599c1e7f739d414d54dcab27941ceda14e3cc7c42f5c31e178f13d2a26d508f6b1247b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
5c1bb7417dbf188ce61f1527520116fd

SHA1
00d4474c4fda3d1a646199a0186092b245c5b1eb

SHA256
9c106e0b93b4125d32fc7fdcac0cd65940701c79211a3a4c2b83dcbae973a6c3

SHA512
c457a3198b8b3a801f955dfe155868a65f951eea7576216e456d0d3bbfdd87bded5d6e34a4d20fd95493497df66a75793ccd91387583cde4bfc056a292bb5e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5c3e3676442bc18cda390fb2bcea7c0d

SHA1
cb36aed484cdaddd44f3d1e8b1c776879b46df04

SHA256
c201131cf3a2ac9e7abaf0f12d069272e7e0518b940341cf98343558e339943f

SHA512
452d77798f6ce56825fd19a5cb59dd4008439627ef0dff58e77c12795979739ddd437691cd6509c45309bb9f5b8b4aaaf6f4b552830388da4f665595681fefed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9b3599e29a36ec8b74995fb3e2f9bc8f

SHA1
f5d157c11658985b585eb767a6dfa7b21f1a5db4

SHA256
9b755fdaf4778b5251e63115d867f3bfc724db4675570ade773306bcf801bda7

SHA512
ff2efd0fb8cb05a497cc3bf845fefec836ff0f62dc36cbce3f2225000154504f703b695e574ce8f33bb40e3d2d9c9e368fd45e17aa3bec1723dd54aedcb91671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
990baad2d9d2ecf0263407efd61eef12

SHA1
e15b501715c7dd7f8b5919f5ede6ac3b2809f0ee

SHA256
1757278c3a3b8d9cee71c4fc61010dbe7c41920b7cc3fbacec959933ccbd390e

SHA512
46e8a4d95a573872360d1ca046e82f2c10e0b679a60695a412dc657426700835c8af14fdb8e1dfa28e38cb3c48a4f4453d352bea338ca6d40e9517bc28fda5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5baf3db6f2bc8fe549c00ea8cd1a59ab

SHA1
3d8a6c470aa6070ff8f69ba9f09a5be05c57e217

SHA256
db21d0bf3c4d08b38d01ebc89c2135bf94c11cdd28f327071806fc3c05fd19c5

SHA512
e3b7c191b12bf3cd013a6d6e78a95f9407efcfba4de461342ad1816064cef655fd69fe6f443f8cb6069c5b2e823222ec2d910500a41ad515b064a8a4b15dbaf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a585078b4cae1377b0e8bad8bf32308e

SHA1
39429ac73575467b9ef5acf0592ef794aaccebe1

SHA256
3fa8e580f9930de88651a8b5609e4b62c834bc2f6bb08c626a2aebb994169ac4

SHA512
c8598cd6db69e91d98824ad57ac0645d5231e89ca67a5a51aa1b9a44477294731867c3556425047a5b3b41b6c4fcc11bdc8f8cab7ed4e8c8fbe9863cc850cda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3ad8d5af88eb6d1d11983c20628c0f7

SHA1
d2a25bed4f30c695679eb4aa304fa6d8f93d26b8

SHA256
0afd881505359dd6916e00a6afd6848e176b791ccd0153223d4a368cbbd9cbe8

SHA512
2fb880ed6337ad84abf439a02e8641c443407999445208950b17229daa57c35d8bc71ec13079413db6f8af2a733769dfce902c323d48ffec9fbb979e8ab15c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0138efe2707fb44e651ff3fc3cbe9246

SHA1
5f1e02d8921f8ca7cd6d414c20bc964f7c6615f0

SHA256
31ec234542d9e95a9686c82ca6374842cb7c63ec267a203ffd7f4af1d2043097

SHA512
c74202b4c78dc255e40e2553743ad04abd879a04643e5e039facdcddb937abfb2c4b3a5bc58ea13f9fc1775d89023c659de68a9cb3d2188cb9f89f398539dc06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f5d320cf308e3d698a594f1c40209ff6

SHA1
366d3e175402636d128155406e6357ad27ffb60d

SHA256
66681ac17ad3ce8eaa48533c70e4fe74877e93411ddb60003d7f6db436d8dabc

SHA512
bcbafe5f25a06279989cafebb2a5d7010035b4697ee584bbf4de2ee2774356ee61a459d00d9853756b94eb30f5f2959ea437c7a7ce58e9f7939917a066e9c368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f4850f65fd6ddafd7bacee995ebe321

SHA1
0408d0f7696a956b9f8a95566938026a47ce5ee0

SHA256
2ff7944cece5349f09e4ce917a616a30948fead7266094cd7909d8916a1c0780

SHA512
f1dfe5680d7538a1f37a363181e104088489f1936a2eaa1c33a33eec926f475922cf4c7e413b031ca8616763f52bd359a418ffb5d6863162078d22296aa8bfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
26e21cd51460e7882b9ad00dab8fdc56

SHA1
bbdf3d00f3084905db8f3a44fc5bf5ff8b7cf34e

SHA256
4b8ad0801ff359362c009ff146f3c0182326d15b6f52dafa24b5981117678f71

SHA512
be5026b67f5ee6ba8c5cf0f82db67763f2211cc9f0d1c0d2e4f280db570bd8033b6ae207bb94426e91870cc159b7bb428dc9daf103fb962a100e994ed8e3c8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c0b57ef06eaa402ace9029e5f21e335

SHA1
0f2154afbd8fdb5ada51b63a7d07c55765198bc4

SHA256
8582e83575144e638dc4af699ef398139c6d19af31ca4c53d51f9252240fc2ff

SHA512
debcd0c64deccd8ae4ef4c642109c423f7b12c0bbd9768eb0692a7f7bbf3556cf5f2ca0874bfd3beb8216baea5dd27078a906ba755cb5499bc99f53182595f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
910ad80047b436ac79812add5590b5e9

SHA1
3d009ed3d2b2cea6229344e3bf96d770596b85fe

SHA256
caaabd9701ed2c8b480383132788c6832f3cb2d945f8cebcb75cef1173a1f15a

SHA512
ebd6a700b43bea9d505d4a9fc29318e9697fdb20857387674c2df8acb0c0127ee571db92aee2ca985e091b70b6d24b747fb3c684c7a4f0b9cfefface0d034d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
b3acd096fd08680d8fe00392e39332ff

SHA1
61e5fc407b6c0cf97ad8262f497d7a5c7048705c

SHA256
081376f2141991fbd75bcdcb043c65b80681b1732e8e3e5aa50292bd82034798

SHA512
26874aa4d9f0c4a0a0bcc66b94281b3f7d150caff71ba2b7daa3ca89a91b3499dcad997c601e3472545a1b6493b9b7fc9f39761a25d55e3942f033bcfe1f30d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
9c71e25a058b596bd3d516bb96014be1

SHA1
933c7d0ac76eaed3c0eeb59fba41faf1f608ed1e

SHA256
9bdce6670097831fcf7f249e222de5340af6e7947847f119096572116bc6dcd7

SHA512
287537055c0084550487cf0894ecb39e89f7e1fae7aff49a092394efd9d1fd4f9247f7aca9678bf4a3afc72842daee9ba82448654ba378b00e0e8247f185e16f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
06b6f7f7a60925439ac3d19d0263ebef

SHA1
e50010a3984b0c4f2189815b25e44c3d29084e56

SHA256
c918db42562f05ebe0a06d36b29789596d1180c936377aed435b8c5a698c75a6

SHA512
f3576bc40b2b3fadabf62fa85853b1401239089edb85b74f858815db8ec10f477dde06d471c8345772d8dcf5f7fa20ddbeff7c40a3bcb7192e438cc9a561cd54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
65bf8073b7506fcf5d6796cfd8dab56e

SHA1
5267f80f3d5e6a38e242ccc021b79b43ee87ac58

SHA256
30b56e8db6c639fd1524d04ac209745cd5d9e869ceabed7708141b88d1b4b0ba

SHA512
4eb69e00c6d50f76b20de4bf0cd103067e8063cb0cc106532a77765d638b655ed63106cf6f582ca401454009a6a3371bf75b7a4e544ff8d43a149f131a7820e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
a9b98059b9ad70f7a38a3a8739458451

SHA1
e7c09e1eae8e75570d58aa04c168559dc33c425d

SHA256
00119f7b1f66e37636628c8f574fa8b54d95b23e1ed8d332108dcf51f14f6e63

SHA512
30ddd05d94445f348aa2ebe3ea0806c8437b9e958a8d0ef26b7152934efcdab1569cf0b93b673165ad721adf1f041589b678416cb86d10c7185d3412a4a31d91

Download Submit