hxxps://fdc5c3acd2fb03c6c38f670b0a3caa5105f66c7064c6da5a8150d6e23a[.]pages[.]dev/7109e94950ff0e2c16842b0/d0c4a4f54ac639c67f4e26a#TTNDRmpucyI6IklMIiwibnNvVjhETiI6IklMIiwiNk0zQ0ZqbiI6IklMIiwiZW0iOiJaV2xzWldWdUxtTmhibVJoZVVCeVptaHZjM0JwZEdGc0xtOXladz09IiwielRxNk0zIjoiSUwiLCJUcTZNIjoiSSIsIlRxNk0zQ0YiOiJJIiwic29WOEQiOiJJ#YVZEVSI6ImhKIiwiSXFMalMiOiJoIiwiN2hKYVZEIjoiaEoiLCI3aEphIjoiaCIsIjdoSmFWIjoiaCIsImVtIjoiWldsc1pXVnVMbU5oYm1SaGVVQnlabWh2YzNCcGRHRnNMbTl5Wnc9PSIsIjB5dSI6ImhKIiwidTZUSCI6Img=

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2024, 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fdc5c3acd2fb03c6c38f670b0a3caa5105f66c7064c6da5a8150d6e23a.pages.dev/7109e94950ff0e2c16842b0/d0c4a4f54ac639c67f4e26a#TTNDRmpucyI6IklMIiwibnNvVjhETiI6IklMIiwiNk0zQ0ZqbiI6IklMIiwiZW0iOiJaV2xzWldWdUxtTmhibVJoZVVCeVptaHZjM0JwZEdGc0xtOXladz09IiwielRxNk0zIjoiSUwiLCJUcTZNIjoiSSIsIlRxNk0zQ0YiOiJJIiwic29WOEQiOiJJ#YVZEVSI6ImhKIiwiSXFMalMiOiJoIiwiN2hKYVZEIjoiaEoiLCI3aEphIjoiaCIsIjdoSmFWIjoiaCIsImVtIjoiWldsc1pXVnVMbU5oYm1SaGVVQnlabWh2YzNCcGRHRnNMbTl5Wnc9PSIsIjB5dSI6ImhKIiwidTZUSCI6Img=

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731648954136621"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4704	4236	chrome.exe	83
PID 4236 wrote to memory of 4704	4236	chrome.exe	83
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 4872	4236	chrome.exe	84
PID 4236 wrote to memory of 3048	4236	chrome.exe	85
PID 4236 wrote to memory of 3048	4236	chrome.exe	85
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86
PID 4236 wrote to memory of 3088	4236	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fdc5c3acd2fb03c6c38f670b0a3caa5105f66c7064c6da5a8150d6e23a.pages.dev/7109e94950ff0e2c16842b0/d0c4a4f54ac639c67f4e26a#TTNDRmpucyI6IklMIiwibnNvVjhETiI6IklMIiwiNk0zQ0ZqbiI6IklMIiwiZW0iOiJaV2xzWldWdUxtTmhibVJoZVVCeVptaHZjM0JwZEdGc0xtOXladz09IiwielRxNk0zIjoiSUwiLCJUcTZNIjoiSSIsIlRxNk0zQ0YiOiJJIiwic29WOEQiOiJJ#YVZEVSI6ImhKIiwiSXFMalMiOiJoIiwiN2hKYVZEIjoiaEoiLCI3aEphIjoiaCIsIjdoSmFWIjoiaCIsImVtIjoiWldsc1pXVnVMbU5oYm1SaGVVQnlabWh2YzNCcGRHRnNMbTl5Wnc9PSIsIjB5dSI6ImhKIiwidTZUSCI6Img=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcb0d5cc40,0x7ffcb0d5cc4c,0x7ffcb0d5cc58
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4340,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5084,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4732,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5284,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5308,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4808,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5412,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5600,i,17109005585181299511,12589988378458970474,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2132e0fe-3b0f-4e2e-b183-0944f54a2c25.tmp

Filesize
13KB

MD5
49808093a351b531c72d06de373aa098

SHA1
7ee68ecda77ea466c0b1115138d0f3764778044a

SHA256
58846e6478294d674b6da76a1f48304090560ddbeaf92dfb079f23907b7c1bfe

SHA512
a7e61deb09e8d45f86e9e7a963f75949923db5a7cbce59f1adcc929c9448d865fcd62674d938517b806f4abff159d67e10d7b8b58012c145c59075ff37d8d293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
19KB

MD5
ffb1f8211d580070470ea800670d93d5

SHA1
e53659646aeea3bef3765be84f2e9153b5a0eee2

SHA256
4577b35c16d4beecef87c6934e98d1f3beda07f38b7ed1aff544b2f589e494dd

SHA512
d5f203fcf25d628ef8ca2a6cb0a8c82453a6a3fd73a22a9e625e9219a0caa1938c29bbd4f426cee5a5e8c3a3e3272f0d5a625a755e236173b6cb03070b52be7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fcaec2c03528a9efefc38cb1ae4020a1

SHA1
5f56e4ab0c3b76d3c42e0f932c015baa0a29b29e

SHA256
97567c93b0fb2d20309271102b2f3d35a877507b1057ed7fab3537e69b568626

SHA512
55f782940c74d2e17bd5289b2d5c90a68727e966a4aae69e424f59f4fd1fa14e170f6d411eeae4997d1c3cd710e543bd0ce20a71b42e531ea1b3afdf42da83e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1aa0a528d0b63f7ca4930ba71fa0a4fe

SHA1
0d155fcdd8363b4c18e08fa801494f43801c342d

SHA256
ecd8390bf730fe66decbe8945156cb347669e6b372b184875af31c39e44edf4d

SHA512
9aee19c967e05967e0c892b7447ed7289429606f548e3886588edb5cfe7ab0ad4b2cc399a6376dabc2991c971d03f2af90a357bf146841a108f1e94988a75a78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7ee316625f8824e3bd7c0ea62e47d9c6

SHA1
7cb43825a4b44a4fa1f54209320b0e19a9ec0530

SHA256
62616ceb90cc0d98f7f60f499f09875cc47b2b15bf4cb2045511449bf4786000

SHA512
bf9b156e3d96307787bc1a2ff7a88e84754bbd7b411c0b4b5ed85c3305115ad0d6cd017498c0ce95a661602d9509f8a39176b762a1ccb3eb4e9ed61c8cf88ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
329386a0f0dca8bfb372f089771d3cd9

SHA1
3e22af5cdbcfde960d8436ace578cca5dddf76f4

SHA256
6393712d2edf1bb543fef4bbad9add5c1a1692d87866c9ca5f69e7ea7869d964

SHA512
8453ae92d18a5eeeb42c822db6021acb9a28257b231dc74866d5b35d830c323a5f86347a3aa2d51e1a7181102b7ce0f88263b09d3631104d38a67e164673771e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
6a999fc72caea4c044db18cb7031254b

SHA1
0fade3cbe8120a2507e32891dd4454fb052d5d94

SHA256
5af09c305471fb594d60c120e28d72203f4943d9f7474add78c569e7288953d4

SHA512
2d731d7b394ee12286002bbdc63805bdc61863394837c4d0cc6203cc24628c211e95478304fc7f3dbe92a2c04eda5547b92999d188e36252e69c067c65644324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b473ea0a88e5d2c8484962dab664c99

SHA1
ffc9214af1918939349c3e86def010654d3a7e06

SHA256
8a50ea690864d18666e7edb493c33b95d241141130f9fbf61a8a2f632abe61ca

SHA512
6815443d2204918e579a51c358a0405178617c625d0f293cb23df29ce7ae18a8a90b06c4e0ce0981ea67fa394c28c627af27bf3e47e88bd640ea976dd3d59f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7dfdd250065c85d5b469b9107f4e3fc

SHA1
aa1b6bb0b6d1bfe3f881c53a7dd61ffd60cf683f

SHA256
bafa95a8df3112d8d253040523946bf21e544f87e9ae709a376e6ae5be7ebf72

SHA512
095eb11ee6f7ae57e91b69ad390408b88ba6802b5afba0562a7aecfa22f35a23fc4d7d352a62d7e097c5415520f64c820ae231d1a7efa73267a4fa521379ef79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9064cbd0f74216cfe2e400318a3a26ed

SHA1
17eb829773ebf200670ed1df92ca64bf39897581

SHA256
0daafa481cd6a6d6b91257b5796e0b5cae19ddba6c194c073e29a7be3bbce470

SHA512
133e423e992981e127b59c5a883686f3c509cb362c8c219207a3ddf7ec4bb400df0c94e6b36d6c90e920defef5d503ce8d4b51bd72f43f1aaa7eca1472764c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1b9ec05c4dcf77b3d5e9da6cfb3565d

SHA1
a8ac789d67c836be04f3f223c03e1147024f9d41

SHA256
da2100aea59dd989da80c99eb1cd4ad19b5636599de59febc9bbb202315fe592

SHA512
b4401273f900fa39e273bce1975a749d0766a18d560088c2a120b8d6cd0331c455472e8d39ebcc4dacc471d671795e039610601fc018842f2286c8149b5c05d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
fe20620f37468533a810afa302e19eba

SHA1
8da6b79be44d9b1ac129d857dd49d6e4756b7e46

SHA256
53cd4f696909126afbde3715020537c3a82c8c19b3da6233fc42877aa007fa31

SHA512
e73f9f380a2887942a7b2775d5f3db757d458e034f5baeb23eb9bbc4954b88783cfc962fb30c95444372f3adecc5be77e8256f0df3032f69c55460c8e246c560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca6979b45eda6446e67f3c187db92a35

SHA1
b48f904b54bc607c1a5915258cf98d131558e01a

SHA256
6f2d884c71c4bac678dca987f0e2abf2ee9b1de1f3c97f3d51099dd89052b548

SHA512
b7ddd4f9d943466b63151df83568e3641f47d65169d40a1e5a88eee3bfa6407e14fbfeee52b7a23289ebc85c267368a0486e66bbc0acbd444af78d3e30222a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
403cdc893233e8d5d4ded0f53c1a9116

SHA1
2273a48e761e24eb651e5c53de457bcc4141d0c9

SHA256
6a4305d54848ee9c10d9ec4aeb0f97c1fc5297dd6deb0588ca21079b15d138d9

SHA512
1a930cba12ef8e7633793e60ff222e140bfd654f80d5684641b5408357e313c2cc050db6f570057d2bd5c3711dd973364ca289d763c6c156c0e4f5ef23089d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
43ca04c4b37da059ec0f59105d2774b9

SHA1
00d5ff1efeea7a1233d9691213838169c1c1caff

SHA256
87906f13a66a50d6e931779442cef1b6c0ff80b748269d977b5ccf7570664bef

SHA512
797063ce9d8d1f1d26dae209835adf1844bc8e7764e4b1af16756073f797c6ece7690e912678d990b04fb388f7381a1fea6e73777e090fe0562a94a5e2ac6782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8ce8310cdd0adb684263e82c4dd42e6c

SHA1
37004ecdae40959bac9f65fbbd886d81961b23f4

SHA256
ff540a8c882293dffdadb7b904bc6afe8483bc093b7ac495400b1d47876a3104

SHA512
b9d6045e4f717767d6015135ae22d9686f9ab82c8fa9eb115301d1fe576ca494fc327b9f3337e4ccc8f5345e76bedf367e42c436935fee0ea7a2bc2f86b09093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f4d1cadd653111c61761041f6cb57cd7

SHA1
bd21113bb405d838b7b661ddf972d2d8ce00329c

SHA256
e28165c81c60242a3602e961390fd8fa302bea6699b549b65719fd7336891268

SHA512
2fbbdecbae7923cf8576f8c0ced5adbe65ed646b9b45fa426beca294b94508b056eb0e8702761edc015651e98fb1ba78fdc214ecf398cfbf351b080c8c7f7abb

Download Submit