e9013a37c6ee9bb4bee376c5d93c58957dab859c938afc69198b5143250add3c

Analysis

max time kernel
899s
max time network
903s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
13/03/2025, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.55/XenoUI.runtimeconfig.json
Size

515B
MD5

e0f6f18f9b152bc2d8c710b0214805d6
SHA1

ae3d39e59fd6edc05792a76cdf4f02a637f52e29
SHA256

89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd
SHA512

80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
81	api.ipify.org
103	api.ipify.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133863050543861256"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3016	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 3796	2148	chrome.exe	87
PID 2148 wrote to memory of 3796	2148	chrome.exe	87
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 2020	2148	chrome.exe	88
PID 2148 wrote to memory of 1508	2148	chrome.exe	89
PID 2148 wrote to memory of 1508	2148	chrome.exe	89
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90
PID 2148 wrote to memory of 1580	2148	chrome.exe	90

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.55\XenoUI.runtimeconfig.json
1⤵
- Modifies registry class
PID:2152

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840bccc40,0x7ff840bccc4c,0x7ff840bccc58
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4228,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3388,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4332,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4348 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3260,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3340 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4296,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3344,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3356 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3556,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4912,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5000,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5460,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5376,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5564,i,1913564863557127821,9004814390187060716,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4196

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\360cd95c-1390-4360-a49e-9e6c3d927f9d.tmp

Filesize
10KB

MD5
3a2d4e157402b37e34ca1df3a553ddc4

SHA1
56c1ee0dca9be2532b46c2145973e17e5b27f156

SHA256
33b5de7bfe0fdfb7dc83297f8e030a5b010465b971bac51bb3f3665424de5171

SHA512
2837f538629da8a6c63e6b8a7f021f887cdb52c3aeca92b1a7e8dcc1b7bcd10ebb10b9c818c1262b88f350cdd6b0b7f6a01ac93266a22fde64926fdcc54b8c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
295c5ee8edbebe0f5828f9e3a74fda6a

SHA1
a3aed7e728e48704b928df516b4f26f242495936

SHA256
14680712165cd59a5fcd32513fd7745768a0a48a973e686e1e30e51ca5c5f272

SHA512
d5967ab2557d1a962fad95746e7191bcd938f752492f15e10c9cd685d324c29a65c91baa416ce3ed7c714dcae997ef59e2e7d745753a8c462653235500fcfcb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
786c4894e2393c2a6df8fe0fd6aeee3f

SHA1
2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0

SHA256
258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4

SHA512
73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dd7ef1df2eb06e6d4d84939913c65278

SHA1
1ec38f6c1883b15769d34d2af1af703484eebba4

SHA256
5589b3b3a0c19575d75d5289812d8e8c762385b24eb2ce33bc0f6e375ba453dd

SHA512
ca09d9e5b112669348bc7b4f8a5a1c09fbce208cbbd634f006e94f4e7393ae33723a0cc4863c31efb1758a1d585042485c3d2ac898cea023ed5fa8f3e65fbbae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
b4133f866767c09986da9734fb9e0f22

SHA1
3b522b9ce63db4d70e8d77957de13a2f5fd9e383

SHA256
4d34cf40b06fd9e94c610b5220ca8f6fa4c90e54d9ff3fc9cbf356ac332356e4

SHA512
4c69915af6f9778e5a3133b42fcdd978a997e43ac329b8cc84480b54037264c38133ac4a567a05129454308ec5be8729751e81fb1d31ba0483d4fac2ee9d96f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
066bbbda7059b85adcff7b74f19ba9b3

SHA1
e9927ec4c72aa1205a863c88f5979e7110d4e81a

SHA256
6b4ec160cc52f3b678787f49104bf1608fb3dccbd3565155065f8cb2bc2f07a7

SHA512
33acead07be1fac6473cd8edb3ee439eb5b5e073b28d822336e087d5d0dde6b417e3394eaba0c85039cb3a04b64420784df38fe0c237df4da34c5695df2f66a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
aa17423d5395b6acc1cd3da4d3f12516

SHA1
6dc8bb50fcd737fc476dd9b6bc68ab37e85be04c

SHA256
707940c59648a8f480f7c45533670bdb2b1fd2835ca188704bd6e1ac09116568

SHA512
4e9d62d04f9e7f58bdcec8d25eb1d56a36506f80da60c257ebc0767f85042e4009fb389f605913f8caa77108f3f8b322eb9d4d2419229def82477c22a5ad4b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9f0862fefc64b95467a791f14de32fd

SHA1
84ea5c52ed1ccecea4810a42ef10c401053c7c8e

SHA256
9122c63b8721e5c92058b774fdd771de0472486314a0c60bf327dc275e834a3e

SHA512
9c38b48156f3129cf9c38d17f9b6996d8b02a557548d63a213c7d5b1b339398526074df60ade6c49dac9a5e66fd8af8337a7fc06415a6211d3c8cf1c1cc3d0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
d3cc3507403e3d4c76120331ef05fe88

SHA1
a7b46c53626f294808198ae7d7352e5fe69d5234

SHA256
ba82935780c2d8f79cc959d699875a78915b1473bfe4c4dd9b03516f24c93290

SHA512
3f03e7d2de760fa5ed1d76ab52cef720272310f9ac5eb4be6aaab8395812b67ff1525b69f67f99afa2eab638a3e8b91e1d3bf09c08fda6c2606095d8b7dbd2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
8362cb070abe9c874e67cbf5526bb9fc

SHA1
d775af9428ee799d15029a65ea0d24e2cf52658f

SHA256
e488c1fd6b60c904ef76abc0358db3c7fb1ddfb2c2a76bf5c5ba7974a29f06ce

SHA512
f0a57eb032b35a41dbf64838247008c37033b6cc259355a606fe90903faa1b3e0526241ef5db2a63a4d10180b7e652c0eacc2a8f556f5677b9d45921919f1518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e70063725e34a383f6c29ece0f4a31e

SHA1
95c815b95666f6bf863ded5a9f10f982da055609

SHA256
befb95c355470729072e970753c60f0a68bd060698b6fb7a5f8db825186f7f01

SHA512
8c8c5f11862d26dc82a233a3cc6a01a65274ff4327fbb6e38e4b672d95be875660bcf607bcd16c535d7550d99e42e5b09e7fb6cdb5f751b8386f7e3881078006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad2cba3c9e95ef9c425342be30435d83

SHA1
85496e5d80112fe1bd4f9e3a655a5a7bc1c80f2a

SHA256
b4517c52a7166519fc9a4ec1633e38ef3de673a820bbfa796d01768e7c2a9009

SHA512
c434bb2ac366532623f4ebccdcc2caa08c9f217ae40dfd09313b14f16239901962f4d232a5798e398ab7f85feb32584ab4f72c55bc17d571bcf7656b7ea44093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ed94e9caca1ce0069bd4bbafc9326b68

SHA1
9ec132092bc614ceac76269f3d63557ad3953793

SHA256
a0b50113ca141cbea13bcdcd3e594585e650560bc57ddd11fc8270f293a414fb

SHA512
aaf6a7268c6a12954977153766c8b3aaa478bb6f9a952c27cb9ff4150826ebc5621cbbe2b3842579c56031e0aa1c17811871ebb52ef0e9b9f7df93731be4dd32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c00ed8aa754f20843d5ccb92cea2356

SHA1
64c6b97ea8dc6d54a7c770eeb2baded323193ea3

SHA256
67ad69e578f0a24dec110ac4e430ffa65ea4cd3c154f7839c60928841b35becf

SHA512
3afcb3024b7308063c3522ca86586d0a68a0745ee9e977a2da1fa62461842fba8d7c9f5854890468f894477f64e98cc932642b91f926ffd15c8f302cbc919f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19486d2cef870818db4d596ba6724da9

SHA1
4b6feb93ee82c62949de1765db6343ddb13148a4

SHA256
8dd7ca320ae24f06b213541bca770e89318c1ddb13f4dc2857fb4c78c733124c

SHA512
892fbc3e5e542650dab3547214910b3b8e005abf9b4e97188e710de28ed375b710389678e65ab7eaf4a247c8b6342e853186b258c35ce41943c2da12e2c743fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37b06f39397218b103c1db75df6efe92

SHA1
fd66e2bce3cd3cc2abfa9329e108dacd7e90ecab

SHA256
3a33281035379ac98fe6d7ca9aba4f4d935c1b877c0e78cdf746cc712764dd2b

SHA512
8c7083157de07b268b59d2486c313adb3855ee924ecee3a4fff073a664e879b3f6f09c5569625ab6a9497505127ea5afbeec33f3ab49423dc6e5eef639546632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
554d0cd517c0dab17385893e2b3744e5

SHA1
b890395e51d40ddc3bd02137210e4ae6f70d9495

SHA256
e4ff058ccc556dc4adc625b724c0efd9ab19967f5297cefa13a73ddcfe3058ce

SHA512
92b1c1e0a6ba01112eeca233da924dd5e43c7c54c48283f8170d077f3625918b413580d2e0f77486316109487e98c5c06d684d912bd07de9f21ab63d6f1d7265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
212240be275c237fba8568cdf8de6570

SHA1
6478dee4f64d3d259bf334878d0991a057361f00

SHA256
ef62bc4d2de4e59dfec9e4552cee13a57dad3a0a17a366026dad2770b2867c4a

SHA512
cd1f238dc25cfbe52040672b85daa0aae8fccf61da1c19ec5c9eb2f3550fce5f11f5ede5a0597f9ac3f600c9c250ac1ccd11982b7bc7afe9e4f49a0d2806c81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe645b8e.TMP

Filesize
140B

MD5
71101d73066d176c84ac40cd4dbb01fc

SHA1
8033dd290be33ca3ec5ec6f121340e5ef7210b99

SHA256
55f85ecc84e2f15898d09c153461a787c3eb84a5176f73067d59a5d2031f3649

SHA512
eb20e3a45617826ac9698c51f1a97b48019bfe239705af36c127aa4ca6e40123ba8d4149f1a7a0000d01c226eaa35a113db70498eedf6e3381de87874976c8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
07078a5a260d0773b89d1709fcc113f5

SHA1
0ba42e458c8d37cf2e3e97dc11ac46cee89fec1f

SHA256
273b4ddb247fac2c390d03947c6a836b4d246aab435d19d601a8a1b623ba436d

SHA512
f8e548a50b76a9b06ee4284bff2d672bdf93f3d3bf4c79efa8dfa35bfd3d9dc33e5cf570e191933aa7c55b0569743d9c6a82508a11c3445ef916741cb55b5b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
bf1d98626f1cbf145214263a2f01cf1a

SHA1
9924a96d6af677916259e4c7c2cd6740ef733228

SHA256
4211cb4710f7369cec4e369c9b64f2355149d616cdd269838dadebd147ab4ff3

SHA512
a65cb18ec25e9d926aac9390acabdeece3913d44b1280a3a693079e3150e3b270150f81fb4e0d5afd096606128cb89a8511d6124dc56e406c86c2993d0d8cc2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2148_818305957\5f5bae42-5809-482c-b5d1-48d9f7740451.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2148_818305957\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit