Analysis

  • max time kernel
    74s
  • max time network
    75s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05-11-2024 11:29

Errors

Reason
Machine shutdown

General

  • Target

    pics/scan_19bartlea_2019-12-09-10-50-59.pdf

  • Size

    66KB

  • MD5

    605d3392a2715334598b9881aeff3adc

  • SHA1

    a3e6dd9213868b28a4eada28f0a60e2cbe1862b4

  • SHA256

    af4889bfef9517a0514007bdac526e780784fd120ee37087d9b37d889e4adbc7

  • SHA512

    9f981aaa307be12980a0d38a8ef7194e40f8d08f3e59b2e03663e0e4d97278961c8679852ae0b2b72e7ab390ae4478ffd6e27247243a47f0fd1690f23e47c3c8

  • SSDEEP

    192:GZz+5wo6ggQs2U5NLVFD10nsQYQD8/Pqg5+HwnStq86bq+3r9l7:WzQwo5gMU5X/QYQDbu28qeP

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\pics\scan_19bartlea_2019-12-09-10-50-59.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3128
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2AD2BC92C86E01DF85E70DA5DBB5B1A6 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:336
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3A7202A4299FEC9D0A1384EF02D01729 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3A7202A4299FEC9D0A1384EF02D01729 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2776
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=293DC18BB06232B28B06585D5813BDB6 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4696
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A39E698A969B6DF42BA4D4D785375FEF --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2220
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FB952C6A2F31517B9EEDEF73ED166696 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4420
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5F82410F66594BD572F813D0430158C4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5F82410F66594BD572F813D0430158C4 --renderer-client-id=7 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job /prefetch:1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3836
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4840
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdca0cc40,0x7fffdca0cc4c,0x7fffdca0cc58
        2⤵
          PID:1472
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
          2⤵
            PID:1880
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
            2⤵
              PID:1872
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
              2⤵
                PID:4040
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
                2⤵
                  PID:4604
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
                  2⤵
                    PID:3344
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3576,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
                    2⤵
                      PID:2500
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
                      2⤵
                        PID:2876
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
                        2⤵
                          PID:2184
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
                          2⤵
                            PID:852
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
                            2⤵
                              PID:3968
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
                              2⤵
                                PID:4052
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5004 /prefetch:8
                                2⤵
                                  PID:2116
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3788,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
                                  2⤵
                                    PID:3112
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
                                    2⤵
                                      PID:1944
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5456,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:2
                                      2⤵
                                        PID:956
                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
                                        2⤵
                                        • Drops file in Windows directory
                                        PID:3144
                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7ce494698,0x7ff7ce4946a4,0x7ff7ce4946b0
                                          3⤵
                                          • Drops file in Windows directory
                                          PID:2116
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5652,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:1
                                        2⤵
                                          PID:5072
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3168,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
                                          2⤵
                                            PID:4172
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3208,i,10450008141860382892,16075675442562159053,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
                                            2⤵
                                              PID:1800
                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                            1⤵
                                              PID:2456
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                              1⤵
                                                PID:1352
                                              • C:\Windows\system32\LogonUI.exe
                                                "LogonUI.exe" /flags:0x4 /state0:0xa3a27055 /state1:0x41c64e6d
                                                1⤵
                                                • Modifies data under HKEY_USERS
                                                • Suspicious use of SetWindowsHookEx
                                                PID:4000

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                Filesize

                                                649B

                                                MD5

                                                1dd17f2d8b75c500aea9e1ddaa3e8fa0

                                                SHA1

                                                e58df0896b8759f1c1313ad79b60f8f2ceba6ae3

                                                SHA256

                                                152f07a752b590c0a44981ff1c85dc6c4c814da8b712b08df74f8f0f229f95ff

                                                SHA512

                                                0e2605fdf0f148a3e17aad24291f36dc7af6aad5922ff8787c1516d90457d5f53b4da9328328cb7ab4b970a30d02101df5da0781f027c68f78c2653cbc047d9d

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                888B

                                                MD5

                                                a53907bae77fa86ecf1d62983a251ad0

                                                SHA1

                                                cd7dd6f5fbde52f4a40f509ecd58b8ee928a2551

                                                SHA256

                                                b071f09f6a26c0077b066e2b85bbc8a6aa7f742c0da7bc9542a77179a5f1dab0

                                                SHA512

                                                2dee823bb17f07dadcb9f07c66681a0241b51651a6f70d4e9efdc423be45d51d5838249788a9d7b4c49278ca604ba5e7f919a5540e149d857b483d97d57faac6

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

                                                Filesize

                                                851B

                                                MD5

                                                07ffbe5f24ca348723ff8c6c488abfb8

                                                SHA1

                                                6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                SHA256

                                                6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                SHA512

                                                7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

                                                Filesize

                                                854B

                                                MD5

                                                4ec1df2da46182103d2ffc3b92d20ca5

                                                SHA1

                                                fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                SHA256

                                                6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                SHA512

                                                939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_whatismyipaddress.com_0.indexeddb.leveldb\CURRENT

                                                Filesize

                                                16B

                                                MD5

                                                46295cac801e5d4857d09837238a6394

                                                SHA1

                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                SHA256

                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                SHA512

                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                Filesize

                                                10KB

                                                MD5

                                                0d3d1c4a3868f9d9953e019c14f2064a

                                                SHA1

                                                605ea4d58301fdaa76500d24f116f87114682d19

                                                SHA256

                                                34c59b46c121972d8c5667e57e392a92e11e38ab6d903b802f69bbd81aba8b3d

                                                SHA512

                                                7bf9ee37ec639512ee596bb2e88f9322e9b12c23d92ee3ad7be8a972b42eeccb6d32a6d65cb01b19b6310ef8f2bfae0935fb2e21c318dc6082cbc2de0cb0d360

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                Filesize

                                                2B

                                                MD5

                                                d751713988987e9331980363e24189ce

                                                SHA1

                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                SHA256

                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                SHA512

                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                e7a6db2a68d808ca5492144701c5173d

                                                SHA1

                                                8522111080eaa4ae9dc2b679ac3be8229c68f335

                                                SHA256

                                                695aea8d21da23b84f8f7d6833968f36a774291b91f51fdb86732e3d6814a563

                                                SHA512

                                                aa13ef60104a8f50b627cea13f967e33ea119829f0a85ffdb822f47faa95ef32346e23b6f16760c8ad0faf7dbbaf200fa774a5a6e630c1b9dd8691ecff951f20

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                356B

                                                MD5

                                                5e06d7abccdcfa3fddee4daedff123b6

                                                SHA1

                                                2119645d03a1a3cd8def37233ca337bcd48f9e9a

                                                SHA256

                                                d5f351af9056c80cb3ad5f8d89430a027e87d51a9b81620fa7ec604c3ac65f9c

                                                SHA512

                                                2d5705b15797e5fed41c95371a9b03665f5a013eb393a6c70a94eb90bbb7a13fd3963c6467e2dbb61d89a342892c661a9a53d05d1f22911422cf1bb99ee36813

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                2dbe60c3caad607576f2ff8a9b6d20ec

                                                SHA1

                                                e43bfe173a9a1f20e619a0632eff754601f9dabd

                                                SHA256

                                                6f94b33a7b62fbed10038f13436ef2a5d71da9172da4728f207eb83650fd9567

                                                SHA512

                                                1658bfb2dabf272d481517ac45b30f32d6f2598c5ed123168fa2a8d50a3d0188d52ce6a039a127702c52a336f8ff012753148cf50883a77ebc26ffba071883bc

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                10KB

                                                MD5

                                                a3300849d926e5a1da8c556b39ece1c5

                                                SHA1

                                                7e5d052fe89b0710f63ccc4c6311a807ed2ff183

                                                SHA256

                                                e1206843b8669eefd09d25836ab47c3ff8c55dc8bfaf0fee73223a49e6fc5f21

                                                SHA512

                                                4e34ceac43137b049758c623a32b3eade4dbe5c941df7ca71a057aeab74d87c8e5d95e4e2d2dc3d3afde0723bb59350811703023b1437fa2028040c8aeed73d0

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                9KB

                                                MD5

                                                9bac46a297bc90bc94a297407ae63acf

                                                SHA1

                                                3775e1dd18e391b9b8a72d4269d298b07848ec75

                                                SHA256

                                                5ff0f49a2e00ae2540321272c8ae7cc6c9de617b51ecd7a437debeb506f8f81d

                                                SHA512

                                                d235ba72142eed46af92a355c4e9217ade94aa9296eeec0d9c0d199f837a60fe934c0799384ff2774e1d6a7215669020b4a5f5389e1627a93b2317a7c42b3f00

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                9KB

                                                MD5

                                                9f1eebd44d7ffe447c6c5b48d1ec4fa7

                                                SHA1

                                                0ac23b727e7c3abea00c0b65f0b05dbb0acde50d

                                                SHA256

                                                afad2ff0f3962916f97575061ac7dacaf63b87b4b642daeb0a16ab4aa6c94eee

                                                SHA512

                                                88a55fd5360f2154de79569871735644583feca954b185b4d54d32cfb7dcbce78914f053249e62f91fb07e5caaaec06bf5ba8142f33f642c18ea3a4b661c47b8

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                Filesize

                                                15KB

                                                MD5

                                                d9edbc209fc999d44a35f49d1a62822d

                                                SHA1

                                                6c3d0779dfa0fb3469c92705573c73303d905abc

                                                SHA256

                                                2536d22aaaa1a529b4c396afee1a9e2c50dd68d9da96e156bcfb93ccf1ab0661

                                                SHA512

                                                6d944bb2faacbc104b13e0716e699d296b59f1c8c775e519441609932101029c8919a631640bd5ce66a9332b403d399429ff4a1850de9e7696163968fe2e149e

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                Filesize

                                                72B

                                                MD5

                                                203ba67afd7eb7a8b3d0fb6c57289d58

                                                SHA1

                                                9ab6e5adbcbbdecda1b1048e09c9532fcd32abc7

                                                SHA256

                                                cb0be667ca5ebc5449c6e2245314c2ff3f766bf71ccb682b13fb79f5eeaf5dc9

                                                SHA512

                                                98049d401bb329b2fb01b67079c5fdf55e5ac9755b57afa1ebf9e6fa521f742d727b627dc3f1c863180021683d3b2c7c40b184406335dfee4159aec4fa56fe72

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                229KB

                                                MD5

                                                b30d620b39aef2cfad2e4898cd4f91d5

                                                SHA1

                                                3808f4a9c56054008780b2d2ea5987cf127984e5

                                                SHA256

                                                7c77451f1a62d495019147a513b683ef894f0b6b05ce88e1e0b139ad35081db0

                                                SHA512

                                                e9d3217e73570d8053dffd6453b878c13273b028675f8d59b79e33926451be30739dcc2477806b75dd03418b1b5a652529b96e9f00087cf5f159ff41805315e1

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                229KB

                                                MD5

                                                39535334410b91fb2bf0fd8129add8e3

                                                SHA1

                                                b690a486235a94723431b4e628e59d8fcd51fb8f

                                                SHA256

                                                fbfda400e5f79897a109acd0805b4450eb55d3e2b7eb63464079bf85e927b1ee

                                                SHA512

                                                dd2b807fbf347b63ba62fea2b47f3ae7771a535f68b646a701f5f75ebd2367e6887d73d2a4cbfd73aff1f9fe44b3aa717e9a48a34589838d931ecaaa9738ff07

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                229KB

                                                MD5

                                                a3088781a7ce321e7b58cf5032ec8527

                                                SHA1

                                                cfd03f54b3884f375cd833185c0c26a424ba04d5

                                                SHA256

                                                e11b4b25c44fd4efda2f4e99b43b9e8b49b07dd5ff36adc0f0aac60538ad00c4

                                                SHA512

                                                561fcbb2129051fa39b533c2de82b393cef7793f7be73c7a98ae5e453238b3b46bd6b35d5c7ef7eb760c6ad2cdea23d988e5eebb4c05fa89121fac328cab7384

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                Filesize

                                                264KB

                                                MD5

                                                c531f0ae6f99251c23d0a8b275079a60

                                                SHA1

                                                4da4251ed0cb335c3fe6384aa5d471c5b7b16538

                                                SHA256

                                                33c8c0d7700e24b34f81991363f2b6da4be2e692cfe7efebe26d7f52afd04179

                                                SHA512

                                                f135cb5eb7c83991b9a29090c6a64dfa4ff5e95dfa330d83b21c8d4e6b39050d99feb2f5dcfc3f5929507ec8a391234520de6a69fd101d31e112e65f1d26af1d

                                              • C:\Users\Admin\AppData\Local\Temp\scoped_dir4840_384819705\56b838b4-ed48-4a23-8349-150f51ea6366.tmp

                                                Filesize

                                                132KB

                                                MD5

                                                da75bb05d10acc967eecaac040d3d733

                                                SHA1

                                                95c08e067df713af8992db113f7e9aec84f17181

                                                SHA256

                                                33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

                                                SHA512

                                                56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

                                              • C:\Users\Admin\AppData\Local\Temp\scoped_dir4840_384819705\CRX_INSTALL\_locales\en_CA\messages.json

                                                Filesize

                                                711B

                                                MD5

                                                558659936250e03cc14b60ebf648aa09

                                                SHA1

                                                32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                SHA256

                                                2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                SHA512

                                                1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727