dd8e4573c556133f1a48f6b9ea5d79e28be2d988bf0160e7e806fe26f2816d05

Analysis

max time kernel
48s
max time network
33s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09-10-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images (1).jpg
Size

8KB
MD5

5bc8d7a9a6e938e42d50bca535e4f8f6
SHA1

2b40077ae02a04eb839774512c060b8b73e916f9
SHA256

dd8e4573c556133f1a48f6b9ea5d79e28be2d988bf0160e7e806fe26f2816d05
SHA512

9dcd851cf758c781989c59d7782298130879a5c24c6c7da60e03287965ab01c242aa870b170f1e65d729a7840e7f120d36bb89c0137cfee10966981eae66031c
SSDEEP

192:oZKLFTivMAhwBKSq2CKJ3YZp4lDEUoZcOaTsXVhn/6hh9dz2oeWmU:/I76jTJ3ld1ROaTCnyhh9dzzdmU

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729604598634731"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4464	2728	chrome.exe	81
PID 2728 wrote to memory of 4464	2728	chrome.exe	81
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 3576	2728	chrome.exe	82
PID 2728 wrote to memory of 4456	2728	chrome.exe	83
PID 2728 wrote to memory of 4456	2728	chrome.exe	83
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84
PID 2728 wrote to memory of 248	2728	chrome.exe	84

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\images (1).jpg"
1⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda710cc40,0x7ffda710cc4c,0x7ffda710cc58
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5096,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:2480
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff701474698,0x7ff7014746a4,0x7ff7014746b0
    3⤵
    - Drops file in Windows directory
    PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4276,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4712,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3156,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3500,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5432,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5552,i,12761222901752477760,7894478543961788671,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:2320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
419KB

MD5
4f47bc9f4481567b40fec4fde8f93604

SHA1
ea45825b010dbe294b74bc1691e498fa5ee9d6f2

SHA256
e72f9b6032b72a58df9122c07395a66919351aa7587fffa1e03adcb30bff8b68

SHA512
de2604914fb65d4715442f43ccc45ed93941f29f01d7ced0756621fd804695cd605fe7f2a391d22b6d97399cdb069083bab105c8754a766fbf7eacd21e8bacc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
84e75291ad9460a483c61cfc8739e613

SHA1
b4a3fd07c81a6e894ca43892120b1e529c6d6259

SHA256
a832ede25f4a23833f756c545775edc27dc9a3951c3d731b98b23f99b2cf9855

SHA512
a0d52988d2e71e3a66b4327a9d1ce7f0f05fc736597f29095265fd67a7297eed76de70a701b958c3d6034f42ea5f496fcae36f9e3d91365fad4da09f973e6128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
bfb413ea8cca6d270fbe9a647a3a0fbf

SHA1
bd66e7870ab5bb3644538f98d60ad7abe85c8071

SHA256
947ee6b862b10c066096939433ef75b5048682e6ce38ffbdb4f0cd620925f808

SHA512
60771dc98b4b2ed545e2eb93bf19fd5220da8446963af496a1bd74d5f7e9edea6e6fb3f6750fbd091f595d6d633f6b2c643c7e92e31317b48d60881e42d8f6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0afaaf1697e2c3873c2a5033e26aac2e

SHA1
f83c83b6babf2d414f0d40162f52d5b1d96d22b4

SHA256
8c5a680e70f00c03bad64794ebffa69be5a93ef349c8028cfabeed0db97d0011

SHA512
9fbac6fecbc2ed93a53d6b5b5519113e0ba20aa5bba210e3211822460f66645f5fd09c24c6df3caf9efd88c09fcb781c97056042f550c9db9c65a39d18076b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27c3c03fe67f45e9fcda55ec0b60e1c0

SHA1
479ec023a928da42b9a8e34873e87113c89e64bb

SHA256
6898587bc3fe1213686e8babab8a22d012afce0663c3a04c1f81ee9c997d3fcd

SHA512
0d7e13a484134faaca2b96ad53a7cc2a6d692f1df18f9286ad8c41166204eb308bdb0df9884a713f0e106b702349c7f4eaaf0e06694c3fa1a9a0d75e2e2e85ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
46b8ea77dadc775bcd9c3c29ff9dbbd5

SHA1
7f76b23dc58a06fc05e11658008522cd0855b872

SHA256
7c2787abc4a1e6731700f0d339abe48b998b07e06aeccc705a04ab3aa1ab19cb

SHA512
0be009dc646b4addb0325cb4af1183f03d3f76eb609862d34861937c0bd744ec66596ca6daf23ac622a30bc368a5e6505082706a7cf708da17cf8e1a8621b66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
79bd2acb962cf0fe4cf1963f37bd389a

SHA1
66fc95e0a5c92f67f148789b2da4779da89988ae

SHA256
91ad4704511f20fc82ed540a9dcfe40d62958e8332476efbe3f244ba61befdf3

SHA512
c564531541f164acc748e136788f33bcd038dbb79bcf40e0cbd45998e337ff02fdda49ff06e7561413afb1c6569ca9e5c85b7064e02f9551e308fef0209dfc9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2e96cc91eb5341aca0771f426d042d12

SHA1
7115c6a0eb79d756ad06031a8dd09c6d248bacca

SHA256
b2b359ee4f833b3fc358f2eebc903992c2fc2337b5020e447d3412c450c81ab5

SHA512
17b6a69020e6e76c4241e0e85be97956459b0b44a42e973d6a3add571ae3d2452ea6d415362c42f745fc0bde9f4d94b2faf3e1303458b012ca461d5653fd3f43

Download Submit