ed4b5505ac6b34adf2553db0bd5ab252047dcbc1f89e762ba2bb376f106c32f2

Resubmissions

23-12-2024 19:08

241223-xtny4syjaq 7

23-12-2024 19:01

241223-xppd3sxqev 6

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

argon
Size

272KB
MD5

00c7958999ac0e2e89aacbf98463da3b
SHA1

ebdec072a0b0c402f52d0ea2531d3e7fbb1239f0
SHA256

ed4b5505ac6b34adf2553db0bd5ab252047dcbc1f89e762ba2bb376f106c32f2
SHA512

7890329ba8750296587a2477d5c2ac4992cd56b6e036af7fc78f4a771641bb83363b560fa9e1a9d31116217750a7ae903bff860ce7030331d0a9d5501217837b
SSDEEP

6144:sPNPRpOL/saqkPV9FemLtcIDSsmwm9SvZJT3CqbMrhryf65NRPaCieMjAkvCJv1G:qNPRpOL/saqkPV9FemLtcIDSsmwm9SvP

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
135	raw.githubusercontent.com
137	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794541757462178"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe
Token: SeShutdownPrivilege	3244	chrome.exe
Token: SeCreatePagefilePrivilege	3244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe
3244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 2780	3244	chrome.exe	88
PID 3244 wrote to memory of 2780	3244	chrome.exe	88
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 3312	3244	chrome.exe	89
PID 3244 wrote to memory of 1944	3244	chrome.exe	90
PID 3244 wrote to memory of 1944	3244	chrome.exe	90
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91
PID 3244 wrote to memory of 2908	3244	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\argon
1⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff0a4fcc40,0x7fff0a4fcc4c,0x7fff0a4fcc58
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5140,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:2
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4528,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4968,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3384,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3756,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5348,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5364,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3232,i,3301243569117019742,7884250431039194715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c10143711aed0fa17a9363ce25c08d48

SHA1
08bef44a1999cbc67548d233ef6e7b7fc3b4c5e3

SHA256
3915eb25a8cc7be1b1279ad0232490580d2953758f151699e27f4e434e8d2066

SHA512
3aaa206609c6129324a7fd4894a0301ac8dae82d3a324b22af9539ec1afd286c080b0f03291c403baa19595c8d4ee3f72f8574e6e0c72919960d924dc3400b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
356aa62bff761ac37f7a50e600685660

SHA1
e4759e015782f50310d18c27fbc084fcfdc25bb2

SHA256
72feec06e4458d334194d9443e5ac5fa9ef5de9a58f9bf83c04a66d52de6690e

SHA512
af29f84429b1cf82b1344fc275967bf717bd749c231798d29f8f6d1ef15ac2142dddeb9abc99125161252123667390415b58f43a92c7901f725ec56fa9f5904b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
189da935aa91a8e66e681a41b42179e3

SHA1
ca5e7376d01247fee0d64b63219ec55175c1f6fd

SHA256
639df0b610bfb09063a6ff1ba32f43a9d51e5943e9a2a4ff5f3324f3d1b05f90

SHA512
f5aa6f37c89e8b51518be8b592eb079ad843916d467b67b67b114d36eb7fdfc722a32ee64864117a02b322db35cdde7ccb5dd2734756a1879384d2d8490ee460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b226f5724bb4bbe6fbe8e541ffe2dbe9

SHA1
8f07ae0253d13352162795c66f0296e2106da944

SHA256
11df9d60c0658208fd5b68c755fa469894269acc3ca639e1a7d6f40870e5464c

SHA512
088d588671d4da0b8d09dc9b79cae9df230e5ac9c165b73b6c8647e743deda9b5ccff83d5d62a109ee012f8ac5f0a12561f28f2c31372eb96afe110d2d2f5286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6c76753daca84fedab9e8a05c22071f

SHA1
4d804fa59c2c7f204542701c8cc10237ff693603

SHA256
07b51ac21af5ecef52b32e87e85e0ade83c7e2fe466375d6f647adc741bc1f31

SHA512
eee0d4f88bec26cc4ab8f37f4dbc5e64c83efec05dc4561fac32b218aef7e05387114f7d13d4c3f11d87b48027e8a40aa504b8cde684e4a48d2b11900f4f38a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0124d3c41f066f5981815f14eb81ebf4

SHA1
ef980e388155463b8709c6776a2d277f4e036fd2

SHA256
d710b20c63cfca6669009c2545f678213f8aa8254edf1d30a28ce6cb6073764d

SHA512
4c78e8cd5dff7b008891c35292478ca990ea988edb1312bfc5a5c0c27bb343571fe64b62129940a05d2a325eaf70c13ab6a8c8ffa5897fc00f4213692b38a5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
94556d45afe5d341463760057578bdea

SHA1
b3441c7422213354d51983b66fbf078231eaffde

SHA256
096ab97854dab10ee2c55f0fcc5fa5ca4e607abdeb09897b21487303889af4a4

SHA512
4b976ab1ff1f1206c3a42b83a4aaae71b46ec2faed4eb8214b8a5eeafebe3486c75a5a2e7355322593d2501ae43e8fe91caaece762d195e04a2a391660f904fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d33dfb98126e2530c84fcbebed3838fc

SHA1
3e917634853dc144212a3a787b9c42ad23c47011

SHA256
72f5dcaa66d5b2672968467880f10fd181988b502014b97e7ba19c766943d1dd

SHA512
c19e0fe73217e3e85423595603ad7f252716cd1a378f85d56e8b24dd9fa0990e6a389288160b7794d199de2be829989752518ebfbbef2f15a3f312397c4fb907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
13d5b3fefa1ecb2d6387274fd6e40eea

SHA1
d896b6ce862177248efe94707256c7f24c83ca62

SHA256
4bd15d0a89ac27a2950c587f66e87df5844e941f9d8a69e5e3d541ae7f3eb48b

SHA512
ee59a75ad8a491e74b3cbed60ac25d3e1e7ae87d7b4896a782941b655f308974e7de0b8ccb1fe3740228a52815b066c5ead6ae0c081bd9f52947249212b1c1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
afdee503d511ce56a436bb216d7a313d

SHA1
714ee669f468f15f487d1f26370ccd01a60dafc1

SHA256
e9ed87b867b466561806f56555f8bfbcd5041194e7b041ed9a3e04d838114d5a

SHA512
ee260af3da86117567b2ef18930ab6ccbca8c1bb7e48679025c1222561b58df78d4b7a4a848797310f485e70a1166fd304b5b149713dd56119eea4e1451e12ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6584bc8d93b1dc7cfcc28da8464b92b3

SHA1
139e8d19c5a4d50416732d846152502ff963164f

SHA256
0146344e9ee916a345b21c433f2a715da2175a0d3c0ac9a4bb72bf874f5854c2

SHA512
d70337164f27055c2b26db633a55e9a31e5a5839beb31ccdeea33b71a50a3653dbeabe9794a29d791809cdf7cbc47ebef6fc017a9689c9166882168746c47b15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a964a737e670ec6fe2594070ac9fd096

SHA1
3e5571ca9293886b377f004de07d031bfde85cb7

SHA256
3e5b64ac63aef012c8b7f0f895ca9ea98f001e570b6a9b78be3f9b76da7aa929

SHA512
affee432ce7428757dc83668557943f7d88087a3cb00550c8f0e15fc8d13bea65db279c3e707a7bb558858de325fcab6630b6b22c086af94650463b49de51e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
60e87ce43808d087fb553043b29ff4d4

SHA1
28ad32af6521bdf952c3b1aaae76f4b49914df1f

SHA256
2327e55ba675325de5de2808e84dcc19bcd8e5ca966454aaa93acb43db7163e5

SHA512
672dab06bc3ec0303abe926e04935587a0fbb92042f6c5de7b2dac9d00a9e35e826e5186908dd772ab6c61ea92edc303dfbaec78f3a5390a49e3cca2c7bf1114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d62ca02764ce7625cccd4236e9d39ad1

SHA1
8cf5e29bc1813e2f5fe46fd7fbcb23c8e8d8de65

SHA256
dd4990750a5184e1e863a7a9cd19f7e842d99e6f7b65c17a085162833fcbdfc0

SHA512
14c26278cb71df8a443069f4a13d089ba148d9815c93cd7beea793cc854684e356a08efe1a6386005f5efb92de4833a90f0937004d73ca81ed61316062cf8ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d36068be3e42fd40a4c326e9d736033

SHA1
75674143b1f28a39e6c0adc4cade5332b0ea8b0a

SHA256
5707301ed80e914d105df3226d45cab38fab95ff716df2c1b48d5c48ec4172b3

SHA512
b9d99b023d6104eb88ef6b2c9dd886c1d8ee1b8f65426b4dd34e01e815e671a9d4ecf033002658467ad502a100f25952e8216f41eb2321c6ceb6c429fd20a8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de8a3effd09a7edec58ae0b86b3f2dc8

SHA1
da273ceacbb7d3c25c9f2975aec2b4db91e2fd30

SHA256
08f1b06c319080b2a7f41c6290b1ed7a651c6358f34c3d52d5017ccece743332

SHA512
82589952c6f51d336704def4ff62cb97745f29ac63fa9751e0b8adcf74a0ff8ccbf9d00441e29e9da9c130f0a9ed8fc3e84fb7afb32a3c06b063da8337cc5396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a35572276796452851f89e46e761c92

SHA1
5751333185086af307e55266892d46d12587e41c

SHA256
764fd913834db45d0e2cb8e56d80d1263345d23e7ba7f58368cc36fe21ac09dc

SHA512
d9a2d61f1d7372cd68c91885a4187b687c133148fd6fc75647b13be07929fcf9704baf58cfac6d04120ceb5f1cbf2f19079c6e26c9bd46276ee848ecb00c51c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
daa241f1d62003327ffc3b683f46a59d

SHA1
bb2496d89305ea1a244f86f56b659ff5285450f8

SHA256
8bc6ee63a43b7d092bbd5da5817b0477ba8f7010e12b7b14e2214ef5eb2ead8c

SHA512
0158359b40fef47e5e9fc35628376555cc6dfaa29caeb873015a90aa5548a0ca27e747b2089c431878f3bcd50708e8dedf5ba4f7ee7cadda3e1b8ecdc37c4050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a31637e9f7e7bc768e82681d8f3c47db

SHA1
d828385543378b1c9f7a6b0f3dadac3f8b741453

SHA256
0bbc8f942927280e1cb4de9125765af3d390124b53e125df0a5a71bf18d2da30

SHA512
5cb357c60bbdaf379aa3b89d7b4fb5f2f896cf522c1812e18fb7d1293a126863b9cc61ef2bef0202a8ef3d6a6ef646773face5b21513da27eccf7dcfdc7c68b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
236dc382bb9c7c0307235b22b8bb749c

SHA1
ee74880eb88d1aa37842e20ad0ad49deb8741ad3

SHA256
248afa1646c937582dc70bad257203eb24c3c8a02dab057dce180b43669b7efc

SHA512
39a9b6f6db883524a2c706e0f53c5c3b99744a44d6cd0bf372fbaf3ac462b604187bd022899eba68d99947b01ae7600bcc00bc63d3e4a7e6b742214eab291d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3723f5ebec1a74f1daaa93e3bbfa1709

SHA1
458a55f4195fd9e0b11c66b361c1a7501ac6c472

SHA256
8fa1bb466512de307b8f2bf58121cc4d173e6aaa5ed134f4ac0cd53f5ec8c7ff

SHA512
8ae4523fba39eb1305f49304e50176eafc99920e4cbde87e10ca4a5553604199acd36c01a06a2b43781291ce5e84cd709d0a6f3d5b713965679c99d51cfbc95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
9e81fa31b625681e4515c1eaf9cbbf8d

SHA1
6d8fb2295e40a681877fc7cd72ae4aa8472017d9

SHA256
e1755caa6ab83ca79fbf3183203e9b6b1fc53d9e6d38f4a2e267cbccba6e74b9

SHA512
d568162c9b2ed3abe52142f88410f628aee43da8f15d1fd242d94795e2f8e5762d0e28cfdd43fa1efd09dfa37b573128e462a42fbd391615fa37876cbe12a3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2187e81323f3282e8756b770b8b446a9

SHA1
17a2ed3295dfba23308411135b6e59a9c278bfd0

SHA256
c82b1949dad87c38660a6fae7ac22f667604afa23bd3e65759112cb40cc36cc5

SHA512
5a1674d298dff88c66347e0955b2fb78208f55e1411328521d932104812bbe44f1a06c91ff6571fc464a630db1934a3b6952cc3f0cbc68399fd57cf58bd4797b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2791b9e72d5470bda8f269a50eeaa404

SHA1
07239aa65bf8a3e9316b0f808889cc6b2550fc22

SHA256
4b6837495e214d609ade8a1ccbf3ac085edd406705965f2d4cde392535ba8137

SHA512
35315f0b173b8291a37a8080a0638c7098397ec8497dc32a65cab99f7577eecbdccc3b131cca8e75a7ac64df9651d335fb182d4fd48835caf1f73d80a8709d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
6a720f828f05bc3b818fd22acb8bc01a

SHA1
8c5195597539a230fdd4b1ebc32c684efb9b8835

SHA256
3d4683100caa1b4e125e8a72a7961cf53d409f6167845ee90e4209ab7fd36da6

SHA512
9a2c85bb7a63a653b9c49f3c3365517b2ec824ca29329efcec9f8823fce065e54aa56940174469ad4c6076bb888e7c1fa480d17ad9de50cc72679434c8ca5532

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3244_1412149578\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3244_1412149578\f3f8dee9-0632-4bc0-a0ed-c822cd54b0eb.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit