hxxps://id[.]atlassian[.]com/signup/invite?signature=eyJraWQiOiJtaWNyb3MvYWlkLWFjY291bnQvb28wMDQydGZvaXBxcWExZSIsImFsZyI6IlJTMjU2In0[.]eyJzdWIiOiJ2aWMubGlhbmdAYXBwaWFuLmNvbSIsImF1ZCI6Imxpbmstc2lnbmF0dXJlLXZhbGlkYXRvciIsIm5iZiI6MTcyODQwNzg2Miwic2NvcGUiOiJpbnZpdGUiLCJpbmZvQ29kZSI6Imludml0ZWRVc2VyIiwiaXNzIjoibWljcm9zL2FpZC1hY2NvdW50IiwiZXhwIjoxNzI5MDEyNjYyLCJ1c2VySWQiOiI1YTgyNzdkMjk2MzJmYTM1OTI3OGE3ZmEiLCJpYXQiOjE3Mjg0MDc4NjIsImp0aSI6IjZmMGE0ZWEzLWM4NjUtNDlmNS04ZmE0LWUxN2I1YzZhNjNhNiJ9[.]gWCCVc9MaE3Kgjd5NGcQ26Fcmj2utA5gwUtl2sE97QQ0darEVXFB2p6N-R8L0BlPIjiMJedXZe8WDadXvvXeFgw7W9ngflZ4EiUgP0rVit7BSidH9K7MByE0d0wavtBsJjV9Kcm7zHsQYGbp2sbmDC362kgVmN76utbpVlN2xrNmhJlq9KCcLaZ9Mz_4AtRiwoBQNw2VBZ5w2OmTmCjOqe1cSLk-9EXOZcTdV8GZxnDZ9rIKD0OUh9oJBNqEkCYnrVoyZCJPDgSAaSMBJRKp0gAmvsYPVbumM5zvBLLATdJKwqCM5RaEA7rZrKqtt3RY2NDcenDo5oqTutXF5UU11g&infoCode=invitedUser&atlOrigin=eyJpIjoiNTgxYjdjNzhlZWJhNGQ2ZTkwMWI2NWM5ZGVhZGVmNjIiLCJwIjoiYWRtaW4ifQ&continue=https%3A%2F%2Fappian-eng[.]atlassian[.]net%3FatlOrigin%3DeyJpIjoiNTgxYjdjNzhlZWJhNGQ2ZTkwMWI2NWM5ZGVhZGVmNjIiLCJwIjoiYWRtaW4ifQ

Analysis

max time kernel
56s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://id.atlassian.com/signup/invite?signature=eyJraWQiOiJtaWNyb3MvYWlkLWFjY291bnQvb28wMDQydGZvaXBxcWExZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ2aWMubGlhbmdAYXBwaWFuLmNvbSIsImF1ZCI6Imxpbmstc2lnbmF0dXJlLXZhbGlkYXRvciIsIm5iZiI6MTcyODQwNzg2Miwic2NvcGUiOiJpbnZpdGUiLCJpbmZvQ29kZSI6Imludml0ZWRVc2VyIiwiaXNzIjoibWljcm9zL2FpZC1hY2NvdW50IiwiZXhwIjoxNzI5MDEyNjYyLCJ1c2VySWQiOiI1YTgyNzdkMjk2MzJmYTM1OTI3OGE3ZmEiLCJpYXQiOjE3Mjg0MDc4NjIsImp0aSI6IjZmMGE0ZWEzLWM4NjUtNDlmNS04ZmE0LWUxN2I1YzZhNjNhNiJ9.gWCCVc9MaE3Kgjd5NGcQ26Fcmj2utA5gwUtl2sE97QQ0darEVXFB2p6N-R8L0BlPIjiMJedXZe8WDadXvvXeFgw7W9ngflZ4EiUgP0rVit7BSidH9K7MByE0d0wavtBsJjV9Kcm7zHsQYGbp2sbmDC362kgVmN76utbpVlN2xrNmhJlq9KCcLaZ9Mz_4AtRiwoBQNw2VBZ5w2OmTmCjOqe1cSLk-9EXOZcTdV8GZxnDZ9rIKD0OUh9oJBNqEkCYnrVoyZCJPDgSAaSMBJRKp0gAmvsYPVbumM5zvBLLATdJKwqCM5RaEA7rZrKqtt3RY2NDcenDo5oqTutXF5UU11g&infoCode=invitedUser&atlOrigin=eyJpIjoiNTgxYjdjNzhlZWJhNGQ2ZTkwMWI2NWM5ZGVhZGVmNjIiLCJwIjoiYWRtaW4ifQ&continue=https%3A%2F%2Fappian-eng.atlassian.net%3FatlOrigin%3DeyJpIjoiNTgxYjdjNzhlZWJhNGQ2ZTkwMWI2NWM5ZGVhZGVmNjIiLCJwIjoiYWRtaW4ifQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729534524736261"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{584CF1DB-C437-4AD2-8265-799528CDD04C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 2364	4984	chrome.exe	83
PID 4984 wrote to memory of 2364	4984	chrome.exe	83
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 1164	4984	chrome.exe	84
PID 4984 wrote to memory of 3124	4984	chrome.exe	85
PID 4984 wrote to memory of 3124	4984	chrome.exe	85
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86
PID 4984 wrote to memory of 3752	4984	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://id.atlassian.com/signup/invite?signature=eyJraWQiOiJtaWNyb3MvYWlkLWFjY291bnQvb28wMDQydGZvaXBxcWExZSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJ2aWMubGlhbmdAYXBwaWFuLmNvbSIsImF1ZCI6Imxpbmstc2lnbmF0dXJlLXZhbGlkYXRvciIsIm5iZiI6MTcyODQwNzg2Miwic2NvcGUiOiJpbnZpdGUiLCJpbmZvQ29kZSI6Imludml0ZWRVc2VyIiwiaXNzIjoibWljcm9zL2FpZC1hY2NvdW50IiwiZXhwIjoxNzI5MDEyNjYyLCJ1c2VySWQiOiI1YTgyNzdkMjk2MzJmYTM1OTI3OGE3ZmEiLCJpYXQiOjE3Mjg0MDc4NjIsImp0aSI6IjZmMGE0ZWEzLWM4NjUtNDlmNS04ZmE0LWUxN2I1YzZhNjNhNiJ9.gWCCVc9MaE3Kgjd5NGcQ26Fcmj2utA5gwUtl2sE97QQ0darEVXFB2p6N-R8L0BlPIjiMJedXZe8WDadXvvXeFgw7W9ngflZ4EiUgP0rVit7BSidH9K7MByE0d0wavtBsJjV9Kcm7zHsQYGbp2sbmDC362kgVmN76utbpVlN2xrNmhJlq9KCcLaZ9Mz_4AtRiwoBQNw2VBZ5w2OmTmCjOqe1cSLk-9EXOZcTdV8GZxnDZ9rIKD0OUh9oJBNqEkCYnrVoyZCJPDgSAaSMBJRKp0gAmvsYPVbumM5zvBLLATdJKwqCM5RaEA7rZrKqtt3RY2NDcenDo5oqTutXF5UU11g&infoCode=invitedUser&atlOrigin=eyJpIjoiNTgxYjdjNzhlZWJhNGQ2ZTkwMWI2NWM5ZGVhZGVmNjIiLCJwIjoiYWRtaW4ifQ&continue=https%3A%2F%2Fappian-eng.atlassian.net%3FatlOrigin%3DeyJpIjoiNTgxYjdjNzhlZWJhNGQ2ZTkwMWI2NWM5ZGVhZGVmNjIiLCJwIjoiYWRtaW4ifQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe5793cc40,0x7ffe5793cc4c,0x7ffe5793cc58
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4528,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5252,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,3400308796458615315,6410102881156215694,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3660

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
4132101c73777bd0c5b7d066e8e34f04

SHA1
a0a4106a9a840ac64f780e1c9a307997f33e1dfa

SHA256
079eac791fb0482e48be16b7f6516c6eeda37f98b883e3d7bc69aaa94bbc976b

SHA512
3bb8530c8c6f9369dd061778b803aa90fd8c8f88b3cb23682d79c59dfebf5a6c54b2efe7419c1fdccf396e91778369084ef170a7a76169c982bbc9c7d2a7a556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
061ba3220718e11b0b25d55888fdff67

SHA1
6f4c033f5a189566bea2f5b5ac971995ad449dbc

SHA256
af0926e7ce5ab5cc5f9c2509110ec92eed17727dada648d69325773768d40052

SHA512
1338f898aaa5df5094b5a5454efe04562bf22f5db8d4a4d8812da2069eee1e7a014bafe2b47187910085991428e1bce088ecaa6f6b2fd7e4f4724773f8adc74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47efd5f1fbfe0269b2b663a6e685282c

SHA1
ef122d8b11ee8fac3f49ca512cbfdac579eb7cfd

SHA256
06c600740b117c3d210707b13b2353d4d711df61225c36add228cbad4d55b7bf

SHA512
d32188ac083da931bea8528677b3bf9fa5300ff86da0b8049608b73938a7a36f686ac91450ba40bc0c08a5e514cea2e2a912d3466db94f3df5d3dfa09882e539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
922c73d0257acee15afc8e8cb13d5f6d

SHA1
3fecc5a1e101072b7f5f7de0a3f75167a796d5a4

SHA256
474f367572baa00966f1bed11dfc162ce3c478c60456029b3f26be2ebe9ea947

SHA512
39da209f41ed2d0c265c41607a5c18f5f6191a288bff6769ccaf3f1fa47109d90616b2cc8daef9ce30f57a87d08c51aef572eefcfd627f5511fc3795377247da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bdd4d302961972083827705dd289b63

SHA1
5fc59093070f5ccf82e50e00a551c5c5f7a01b19

SHA256
3c1225aadeb52974069cdc13f79b60da11d98be225aa4faf76ead6294508f46b

SHA512
7f9e99ab9fea55f099102650b3117c476cc7feb04cfe707cb8623d0e62c96cd007202896ee0510c7a968690d474c40f74e3844fb61c5537f8d1271fa8470c204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de245ea25f25c2a777a2182c7bd50e98

SHA1
c123d89ef014f3824dcd5f8128cdd072d816ddee

SHA256
4407e0f1ec9fcc32d9b3ff82691cb91c9a7361fb4c9cfe6ae0dfffa2eebfef62

SHA512
4fc3fd3a1107d9b274d5f9e8ae020888c25b75ce72c242259861387f8aaf8580199cf79ce81730cddc71b967087cad21e4f2bd2f239428866c535fad897ad185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3afafd6d314d57b6351930242b795611

SHA1
93065d7fc20ae6bc87757c52369431e315400e7b

SHA256
4e3756e7213903e9668fe1f9ccdf4f548322405bcdb95962b2c5397b6cf248b5

SHA512
6a586ce7f54d29b4caa9206b387ed7b9b6858d75666bd770910efc56cee0e1469ef30aa26da29c511fdebf2062cbc23d3f1e20df42fcc7befff43a2dff4a9934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0edcdfeebfd81cdd02416abbd4e4811f

SHA1
2992c96a738c6bb1a365d16d1207a71db32d1f35

SHA256
2c68b1e522747d8bb7385d04390260ce432fc3cb59ca0b2c645009de6d993d0d

SHA512
3c0d7eb10c56e0802a90372645a2b4355113fbccb5f8bcfd211a01cb697a8e7fa39e0ee3fef8e602cf5d1dddb691b178050be8c3126cd6ad95f0743c5c525771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
01e6181d6af333f11386a61603101d5d

SHA1
e62dc29eeddd2921b9d7c429e4ffccb4ad2cf204

SHA256
f7831ac0d9567f8d7c9a23662475a6eb60b5844d0caf20cf6f58f54606d4656d

SHA512
b7b637606e7d02adfd08692c971ed409af256622e026dadbcd3b09426846df79650ae5cfc24dc26a9cf2c47ed60f752cef111098d234a42b51fec3e99262d2d9

Download Submit