hxxps://issuu[.]com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://issuu.com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate website abused for phishing 1 TTPs 3 IoCs

phishing

Phishing

T1566

flow	ioc
168	qrco.de
170	qrco.de
171	qrco.de

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808581481621518"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe
Token: SeShutdownPrivilege	2568	chrome.exe
Token: SeCreatePagefilePrivilege	2568	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe
2568	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 4592	2568	chrome.exe	83
PID 2568 wrote to memory of 4592	2568	chrome.exe	83
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3208	2568	chrome.exe	84
PID 2568 wrote to memory of 3752	2568	chrome.exe	85
PID 2568 wrote to memory of 3752	2568	chrome.exe	85
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86
PID 2568 wrote to memory of 4624	2568	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://issuu.com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa3a58cc40,0x7ffa3a58cc4c,0x7ffa3a58cc58
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4876,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5272,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5424,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3536,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5448,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4952,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5268,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6088,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5932,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6004,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6156,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5724,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5368,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6072,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6076,i,8738325482202619482,365981283158310766,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:4964

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c8068d43d235cd6755a0b124c8d2c7a6

SHA1
2caa3146be52e854b942bcdd012631c94552ac3d

SHA256
3627855b947d1b5e93d4912b59e07aaeaeb481c889ad439ecb0fa40edeec053f

SHA512
b6b8fb2d83aa3e3789a57eaa102c8be314bc958afe5d8d0a4801d8eb96407fb1fdd1806f54da9390729098934b0a5f8ae4fc1f3e38546f21ea0f6724adc22945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
86c5066dfff1725f7bca4fc1d2defc74

SHA1
5a03c1ef1f74af8e008bdda1eebbb760fef1f626

SHA256
c840bfe580fcae2fecdcb757d9fdccac42a6086a160d18bd232efef0dc2cdc40

SHA512
e52ec73fe201ab6f918c4d9347df827bd99710de0844283d4b88af6dbfad2c2754fcc2b6eaeb3e37a1bbf0bbfd9a68cbd5e8903814289784e66e70c5f5becc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
fe230b932b004f26d6fa8cf00e775618

SHA1
fd5f8a1f89889905929ece68a28adc82199350a5

SHA256
df245993034ea263191500604c44dc20b407b502a4a0fc5c6455f6bbae16c359

SHA512
dfe0bbc91523ad3541ec95fb6f05954a99bfbf31dcd9676932bcc8e87f22548cd4180b41d06c1441f43035ef07950ee5584dfd1f28152bf3724c226b813cfe30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
db788f2959218738eb94860fe72cb011

SHA1
3bdc16a3a212e494413264be83d9162238fdfe09

SHA256
347741ead5cb6d693abbe0669d369ef9223d4d2087f1cf46a676dfdd2ba9f09e

SHA512
f1d3b1053959aa5c986f76e85a5fab24f9b9a7e416b127d91f17b4e5ee8dccab3f875b6e50341bdc3f51e8735229df7900f4365b08a61f2549a6f06379b1dc3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
acd411432d41a64737897fca7e1fe3ef

SHA1
7165d2d9e40d5ff5051a92e4be63e84978bbc1bf

SHA256
1a476e08a30fe375190ec5a12e717ae5add69c5b9a9ec9d095e17ffd1f9e194a

SHA512
bb43736a95c1e94917b3ead4040a071384ca9a347201d00a457a5b75c208375d8fc79a72bbee529608803260df577f2cbbf77d5a4a2d7079aadf04d1d31c901b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7870a466200ab5f2ac449faf5a69c1eb

SHA1
8713fcffdcc81e5dba1727b5f0611652cb30b106

SHA256
27b2a3177344fec2a75e53fe2e3ae211295bb9435051affb451a7966c3cc3012

SHA512
f80e597d40c889218b38907162f9b3d34ab37c15e05171f6f62a2113831e1c756ba4fc0f055e03d2a6300fbff650d2f313358f970d94a9e6930229532016645a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79938caba0be7294b33aa559e29f2eff

SHA1
7947db376eb23015b46cc6562a42958bb5972de7

SHA256
064b0e7e6e615f13a0c079fcb8c4a4284db27c9c4cb944f9c1bca162815abe6f

SHA512
87949428d49ab7f3f3ffce83489117d9c6a21058910bf7688b43101212254f78d461d3ac5343e64c17032acb2ba89784d558ed967f15948bfdfa14af02879374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a0f51709a9dbcf47095d340f09f3b10

SHA1
610cb932655ab3ff53a891b46b517ae7f4872cb6

SHA256
ee2bb0ef0ebf2e114bea47f1013cd85c20843c9671b193167b36e3b710c0c012

SHA512
44a60bb3c3d9ee54fc19ef8a93699d09b034b56c707ad22ec860698c5a79759825c0ee8d48a0624c6d0eda94e717d34cce61414ea9f941a8510f172a742c738b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2b027c1acb50f2058130a18153d8a31e

SHA1
583114e57bea05467dd9c1c43cf3567476fe5fa8

SHA256
5c54fd554441dafde8546e808673637a5e96bae2862485bcbb5f91b178fb6f96

SHA512
0ad0a033e92e1f94a8e8d6e54198ec18943bd551862c521494e84ec3d820a1ff604406d1aa4d24b5e6d140f0b1a82582e6691ea01700840e0ff6e74f1bc63afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
416b00d4c504107b1e7eab12db34ee3d

SHA1
a562498520c92aabffa565863faf99e46cbaa3a2

SHA256
8a40a1a17dfa2ffad0522adf2d7c93514fcee289353eedda971fc3fe290f90d0

SHA512
251b1b2f6fafdc756fcc6b5abee020f37d364ef0a137845b472aef21a44c0d888c1fd80cc8ae91be03dc650c4149a1a23dfe55f0ee936428fa24c342de881f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c30bc9ebb38e96840d10ff549917d7f6

SHA1
d9813a2f357a4544f5129c7f3418fd6c3a2c82a2

SHA256
19d5c55ff290acebf0bb4ee7e38a64133f8caab1b9f0b295f7a567895d9624ba

SHA512
3b104afad0c6b65f41e602ee3218f17caadb8e062465f6b0ca6a180d18166d37973a5c31299783b52e8df05c1ceebde423cd1a2e84b1f34b50922814e9328ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
785f275cd991e9c498f410f5aec28676

SHA1
f6d4d5ae89ef5fe04f9fbcf1e5f480d56a666b1d

SHA256
4c8c653f9ae8c05c4288e7d2120d4309d4ebb2adb3a9da5c3c12e27911ca0401

SHA512
ac0ed85d5f4058269c8ea568dc1eb2fc0145a6f1d97476816ba3a8e050e4037b6f64988753967c753b3a1cd77d0eb576cc063c67005b264b21c2d81ce094a7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
63cf00e8793f72a11ea021fda0812558

SHA1
dce7ede583d0ebb6ab316efa4f8af064d46fab30

SHA256
eb66e3486cc9010ce9332d59fef71f2cd29045fa4d81d4294f4a68505f0747dd

SHA512
507d36c7eb1093cd226f8687fcd49aaf883db762787aac1b6e85d79d07995ec2950338558a35a8c840501a65aceac2486fd0dd3144c887686ab638e25cc34289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7aeba73885902e0976787b94c0ad41d5

SHA1
227673e745c482aec5d6e415d7e55e2009a2e22f

SHA256
77aa0273df90d1e46dd104334995e70b1819c04cc5baf2f54de31e15a6eee585

SHA512
bda0f238c4e09381e147066d7ce9d0d110e506915563dc2ac60c6858b47c690488e2f285bf3ad7a003dbe13de60026eaa859127e8fad102bdab97356517f8184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2d1f3785ef7eeac75c2d7cede15ed93f

SHA1
67b89f92487877549fa7a149a2b46b66279a37ce

SHA256
016170f4bff552ef0df25b481d1b1b46fd62cd12c64fb25fa8fdcfda00a912c5

SHA512
146c55f19ba2edff5240af1c543a3f2cb82eba0280b3f455c9fb49ed9f47b10aec16e58f1012c92390c55d6c7dc80a486d3d8c89ea55a97ebfac0be0446d261e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4508ec7edafc0b1e98fac2ad514b6a5f

SHA1
217f2b631e444e049f9d37b0db9aedbda2d6e92e

SHA256
2bcfc197647301f086ab09dcd80405f79f95b676bd7b6b56e7b878871428abb6

SHA512
d03c8d77832e4a4995e82f38b26ae1be5b686d7a3fe38a29af142b16aeadf770a26cac627abf955e4e922f041c9cb0b91d88557470555967262a243775f29edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ef13f230835eb736c6328f28a5020f2a

SHA1
35d376b2ea63f06e22ab8bc585ad14c4341e905a

SHA256
0cc90ac6f474fb025c390655e51be34354a20aea247e8fa842dbb5e5a2db7d5a

SHA512
d64797efac9c6ba71cdb568ae2f64cb146247d88b43cb7a7f3b09127230390f82c17420071078a41dd8bc741f762ca7a6f1b7dc61f2fbdbec78bcde9a8b4142a

Download Submit