hxxps://www[.]google[.]com[.]kw[//][//]url?q=querywres(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal[.]com[.]br%2fyoya%2ffwkiq4irjop171nxanyqtmwbeo77qf8qkvpe7/a2F0aGxlZW4uY3JlZWdhbkBhcG9nZW1jYXBpdGFsLmNvbQ==$?

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 20:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com.kw////url?q=querywres(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2ffwkiq4irjop171nxanyqtmwbeo77qf8qkvpe7/a2F0aGxlZW4uY3JlZWdhbkBhcG9nZW1jYXBpdGFsLmNvbQ==$?

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766079251890028"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1972 chrome.exe
1972 chrome.exe
4140 chrome.exe
4140 chrome.exe
4140 chrome.exe
4140 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1972 chrome.exe
1972 chrome.exe
1972 chrome.exe
1972 chrome.exe
1972 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe
Token: SeShutdownPrivilege	1972	chrome.exe
Token: SeCreatePagefilePrivilege	1972	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1972 wrote to memory of 2356	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 2356	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 4380	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 2908	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 2908	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe
PID 1972 wrote to memory of 3560	1972	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com.kw////url?q=querywres(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2ffwkiq4irjop171nxanyqtmwbeo77qf8qkvpe7/a2F0aGxlZW4uY3JlZWdhbkBhcG9nZW1jYXBpdGFsLmNvbQ==$?
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff92db7cc40,0x7ff92db7cc4c,0x7ff92db7cc58
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3996,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4884,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5072,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4752,i,8288802596784829834,14091245284690114322,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
21c50acb4b229920895d5ab468c3b804

SHA1
e97d58a1e3a5ebb85ee4f765f171e33317281cb8

SHA256
087ad9b23d2cc550bbaccce95ed54d22e1bca5452f5ac8623c8ba8e27ba07da1

SHA512
9b9e6c6deb645b8903eb76d93ae2bfee8ad942412455513cc48662698deb17f6815c6348222871b66cff3b48b7dcb79d8d680c74ea2e600703e4e9d809a619e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
085b7ab2da329a15de8da72c1ef05918

SHA1
77593cd5338793d405bdea35f6231fec3409b85b

SHA256
a632ae931af8d7f9329b5cc51db245cd0b2df95e506eaf2caca4a956bf91c029

SHA512
3baf879950903ebc640a50692dc06469bd651c02a9f6c27060414f96981051189326cc4df29e342920920a18a1dad0b9fb97eab00ddddc130fe1f00a639e1226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3931724aa05fa0327a0c75aa803b581e

SHA1
4bb41e21ca312035bbc3863797cc49e838bfb028

SHA256
202a3b11578c9d9eb771fc5e7ce9e24e4a2fe07fb35eca666a28ee0d8f2be8c5

SHA512
ede0dd2cc3621755f532e1a36559f8c8a3484c3e1f4f001b98f574cd0cc000cd4faa080559391abccee7e3f1cbcd047f9e97b46d5eec214529aafcaf785ddbb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3bc748b5ce46236b4bfe4314aa128f74

SHA1
b7be8f64350b6f99631bf4e56de1f984838b2071

SHA256
6eff039e9e3fe7aa021e50235223b4a00a09361213acb158459e5db7679dc260

SHA512
f0b3948ad97df3d2fd50caf31c790c65fcaf26c9c8e4f696b1b91b60fd2f501cded256137ca808f24c69ab638d6b39fde8c08840f21216823507e01cdf6ea0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b0df2dcb8784b872f04e78b151d8338a

SHA1
19b27113cdaa8a53d403062044214b29b37467f5

SHA256
34013f0c3c206d2f6f71c052723824dbb3c30163cbd00e661c0a6d4f738de7b4

SHA512
c6f2a238b478812516ddc12309091af0112cbd23453e8c1603bf4d26e6c76a79bd39920680b64644a5d1d496ec95845e21b0a732a0121239730257a7e470d3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b2f58e359e957e42690b003f44b5815d

SHA1
184a37cb261c5d2a8c1ea089d2ba714381269440

SHA256
36a11cac9e639c12ed7a2a2043af25331ca15b5c7a13c7369ea901ec61e17437

SHA512
81263783b38e68e1b402f14ddcc3c953f7a357af1cffe763a92854dbd877085171cf851a8c93c859dbe300b2dcd0292c2f61f81e97315eb3a8f55e3b001983bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
142ad19f044cddad7652f1611f540790

SHA1
3c3f88952b8bfdb68e076485d045e9c473cc3459

SHA256
d23aa7054ff153941040f3aa54a4d5d377085071acede2aa7d76a23540162dad

SHA512
775ace382aada31853d2ad72fb0db351bcd2ee97821dd5f7bd523c62888c16162ca248e0a9e7f447eef2c25350a03f8de808dac08d1236dd84f841e1af9fdfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
88787c16bb552049b3be3117a0bbda56

SHA1
f7a6c57bd711d6a2ce7a41e98288bb1d2c1671a1

SHA256
8cde80277b44ec80fec74fc21612d80b3f18a49a8a8bc6911cfa6da6a7b527b6

SHA512
1a0a2601392217ffdb29b120e1989c132763daaedc7076143cccc6d83e64fb5de70d3fc4474b42b063b461217fbee2f71d383e58e3932e50862777982068d5ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d09d87d7-dbab-4a8c-97ee-28e0a23b7528.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92a7e5cb59cf142909d91be3cba35e75

SHA1
1efe88a62b0ad8ea4a01530963c321f97bf2f10e

SHA256
cdef355e972bc17532ae674818d7ff3c78050b33de104c7e6014685df49196e8

SHA512
5f53f72a9a7a92937c2cfcb202a8fb51c6eaffd0c7d05b2abedfcadba347721c87da37e3a58f54f52298fced502a95256fc11a1313502d380dae76ba3c3d33fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b36b10607930b6fd311798ff74a522b

SHA1
3ef4e8e0c5454649110d2f0a24fe4238c0804599

SHA256
dc214b588582e52ce4f0f80f56ab70864457452a5e32bab0bb33586bced66c0f

SHA512
4d7957ed89aaf433a38df2169e98b71ac3e61467e6a4fee0aa111888ffbd5b256a4fba3182dcf58cca339a0e62323e60a8692937aa91ac62f9acf8b5c917d86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c8c666b2c5c0c44bfe9f3f404ef184e6

SHA1
ff01f51c165891fdc278fb371337e6130a79b791

SHA256
61ba059fefa1041a66009e83dd1f3c0f10d1e6f52644a40a8831cb50d0d417e0

SHA512
a6ca1d5c4461374023fc857b44e54993e8ab81303a9b4a8ab7186188fbef79e7b47f8449e7fe88c97c13a8764642133f5a50bb52447e8d129892ccb2fd158c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3fe071515fbe96cb0e868e00ba47160e

SHA1
fa89683692a809c0e513ed2f384cc8852da95059

SHA256
21b373f4ee1dd40c1b255678a1640e5b4fb627d8d72b982820f7885aee0218ba

SHA512
5e2b65df3d1ad7456e52965963431820cede2bfd2aa969ff6729ac14e0456a7cb5630dbadb228b64cd53e09b0b4898c6e90f1b6c224d04d1704309940c693e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc6ae70012d35e5a5947c248059e0bfe

SHA1
f88d254ab8360e93704618f863eb46bbc26eba95

SHA256
41f6e24144077d4cd92fa57a71364dd50310d68643720baf90e987b72b80ea98

SHA512
b5f1440ebaf9631af5bf41d63407196c60572c8e43cd1582542232478a18400744356d284c9c42248b9359c9c30c080bb7cf7311ae9108a14a7a5d7e71571bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91efd11829ef72b6bbf92b519a47e4f9

SHA1
1683c06506a1d6e94fdb769e239aad0a2888dc06

SHA256
07f8a3f0113db560a4865fb027f7782b89c67bab66c84b2c4f1553dee2282f0c

SHA512
9b06689ac0a5eafb5bbd784c322b546e2263b96af0ddd4d37662bb9e811dd2726e9053f9fac63d0402c2e740d10a7f4c5281b56107d7095a4c8e85a88b7a4ddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9c0af472929e03607b71388cb7ddf86a

SHA1
a38cbe72f5c9f6de463fcac17b033110ec86c9d7

SHA256
ea971bc7fff2d15a1486f7a6856c0f7cb41178d4a41c42195f7f90d609d66e9f

SHA512
323c5a6d6ce49ee1937050507504c9a2e7a0680fea8236293c3a99402b6537fd4c91eb0c6d7ef836dbeb7c6f89ace6909f181b94d4340f2284a4b444dafd8c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c1fc0754a7f2bb6a4c5e2f5c4ad88b9

SHA1
ae2be193af5ffaf0bd851e0ba3bba0af1f00003a

SHA256
41af1170b4d184529d34e524cae118a7960a51b8b4d1de1fe9fd9d11d057fc56

SHA512
4b4f9086bf97d8fae708f44054da13a4de941fa881d9fa99a1bbb8492b984ce09e483ec7952c224a1e7c5c7709e44b64186ef98d510fdae5754313fccf2faeac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe130d04cc8df5d1e449da76f1dccace

SHA1
cc08c7a8c3ef977928ad17ca493b49d97f4b393d

SHA256
a4b3c2c4214c3753b8c092ee4a395a31a35e44749dfbcb4b43c5964ce508a9bc

SHA512
47edebf41131d8e16503a002f4af12c04eb4c5b1510aa03c4cdb0f08d844d9540fc456e34b1295500fb0c71e9e345a53e49118ef59821b13c1f67635aa990f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfa1fa5ef73576fa6b025dbca9cd6ac1

SHA1
ec138c7cd0de4576338a9f45072ffd5956199966

SHA256
c16d145cc74f476c457ec70a1aed7707d2b7d6d82a1546ce10291c677e6ddd39

SHA512
45430d0786d780aba58e2606f4729b7c3979a74b582e4bc4f19ecdc67838103da25181feef289e62a99235c958919bbd67839a00105680dd25a623e2c95b0ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
54cb1b387614cdae68f9c4e2da6fc856

SHA1
19fdd007c370ccd77ec6dd29d4ee8ec974c36aa6

SHA256
c47ab9988b24ca9b1dd3bb89dfe433809f0e7b248eed43e39e0b79cc10d76a9b

SHA512
51552d06a1dfafaea0adc1a04c9cf8f30883b99bbf441b1ba8c7bb7726cea84ed387bc0da1be0468cc64ab6288b315fc638e533330eee0ace49aab691cafd506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9adf92dc104f58c3a69f23ee5eaa1ad2

SHA1
d7228314d59f769b26ae2918403433961178fb22

SHA256
9557144a974ed26ad4909ffd008a6cde4e4c01272eaf81ac7c76f66b011df62e

SHA512
7db47e94ca55ca403a133a5e0e7940951bde5db315fcd5c735dc12dc56cf9557adfa68a938de1a71f134acaae6bc28a096099be8ebd83c8bf194f69ebbbadd20

Download Submit
\??\pipe\crashpad_1972_RYNYEIWMKVXAXHUZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit