96362573cc5e47dbbefa8c9a0a775055b19bbc3c67b9a328a632d2da19bf4c29

Resubmissions

18-04-2024 14:48

240418-r6rb4sgb22 10

11-02-2024 09:54

240211-lxlsdagh99 10

02-02-2024 12:22

240202-pkb9ysdfd5 10

14-01-2024 01:01

240114-bc9zcsabb4 10

Analysis

max time kernel
61s
max time network
68s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
18-04-2024 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96362573cc5e47dbbefa8c9a0a775055b19bbc3c67b9a328a632d2da19bf4c29.js
Size

366KB
MD5

faa5c1602d97a596cbe130aca048bc6a
SHA1

5df32e61bc6d49b6b8dbdf637fb7e5f54d1b981f
SHA256

96362573cc5e47dbbefa8c9a0a775055b19bbc3c67b9a328a632d2da19bf4c29
SHA512

f765277d12e041976d528b4921684ed320c5ed277d7d2036b82b87f2ad35b3c2b0742f4bcb0e13aa5081c72ba8a9aa27ed40be5d63ea5da759f36359d3b70bee
SSDEEP

3072:MtJHg/rntoaLx8RvZ1jO7iTqEoDOYW2HfLcGAoaKTkmB5MjA3fV3edY:bTng/aimtKYBT0SRVUY

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 camo.githubusercontent.com
2 raw.githubusercontent.com

flow	ioc
2	camo.githubusercontent.com
2	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579253573963710"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4568 chrome.exe
4568 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid process

4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe
Token: SeShutdownPrivilege	4568	chrome.exe
Token: SeCreatePagefilePrivilege	4568	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe
4568	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid process

4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe
4568 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4568 wrote to memory of 3220	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 3220	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 1836	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 440	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 440	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe
PID 4568 wrote to memory of 2292	4568	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\96362573cc5e47dbbefa8c9a0a775055b19bbc3c67b9a328a632d2da19bf4c29.js
1⤵
PID:4664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc95a4ab58,0x7ffc95a4ab68,0x7ffc95a4ab78
2⤵
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:2
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:3380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4108 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4820 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4852 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:3644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5004 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4624 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5416 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3296 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3444 --field-trial-handle=1808,i,3409229751854288287,10439217835785093715,131072 /prefetch:1
2⤵
PID:672

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1d479728-a47d-4825-bdd3-1a0b194d0c0c.tmp
Filesize
16KB

MD5
215ef6f0e4c11ed90e50075e1dcc9231

SHA1
785d4d5273496f581771a2faa69422aa25e1eb04

SHA256
047b3523a068f7bcb9cb5689126802a4a22c9515abd5e27c2318437d2fe58198

SHA512
d34cc0878049ef5353dce58b1270b390ea7cd5ccfdeaa976fb285785bc347b58f345711d396fdc4af0843a96ad26718dfe4c659153de091930b6ad6cdabd7894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
ae5b1abcb3f1bc731f556ae27e3373e7

SHA1
9a30327ad81f3c200e65516c40497b825a2c4f04

SHA256
eb695ff409a98da9ae978e50ba73f0d7edfd895c6b928178a7f88d5ea3405d7d

SHA512
4d291d851ba3ec1e4f962754e80777cec38f4910860846bf99b50f76e9a639b5be8bbf54b4d2d43eb7fdf7a8175c669465349bc3247954b3f11f6d295cdd7637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d4f19aa661782d228722b9741520d48a

SHA1
1eb3832dd473f54e9e157d8aa3180419d909b986

SHA256
ad43a452c83202913a9141b9843e5be2302ef6ce5848d5279b8d684303e3407d

SHA512
8a62fe4875d71999e0fc482d6251152065652f377599b24a5d77258c654ef72ff59bb6e747b280a5a4d40c3e5fac4724a57aa98f0e0ec3fab4b269fb0330a12b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
fcc12b50273c2789658f0af0007a3fa3

SHA1
79579e24be0cab33f5e5e6e0c74e339666e09edd

SHA256
f9f5634fb6d4d7115ef9dec9ec53f498859339823697206847067e6256387110

SHA512
8bb527b528ceda01cdaf3f346e534b8a3b436b9fea2db519f1f10accf52339aab7ad39705a161d38e492c535a082823836ce32fa28fdf0a846cd0a2cb07479b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c3c5b1d378a0004b0e13606a42e21849

SHA1
b1b0283712d5f56a0a0aceeb06222319e36d7e1d

SHA256
e845853b1c952eb7c6bd79b0ca5ba475d737796befc3b7a248f0f94fa017e170

SHA512
621784a8cfcb69820813e40f95ec0d2afe9006600808fb68576141f45c6d078ca1ed8465a14546e644249adda9ce2daa0ced7140ed8d2471b62336fc40b665ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
54ff5c83a9b1f726d9673ec4ff1430d6

SHA1
e16de2f4b66c77d1c8794ed40a90fb7c0bf9e791

SHA256
4f78d3cc8acde8b95e5fbdddcd024e711405869c78c08e8f0372f36e17076bdc

SHA512
fa03f07f6ee351a49031752759985fa5af6a7bf015aedcbcf5c3e9812616fa0b15ec5b54dce8af6e07c59e60715a1ad194c0237b02b61b271c2a9e57b6c2f0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4038ab7b9f4bf7b07f7a9a5a90cf8d82

SHA1
79346aa42a49ebb16a1aa5bd4ba6f767ddd97633

SHA256
e4b4baf67f1a328702b74a341b665df0df539abc41896b3079cc056c799b5e0b

SHA512
a0488110388d68021eb993cbd13c26d3bb3c48c170237b571c8d200f9ae054573823305c8f7cac904cd65280a95a810dbcaf2e5d698936ef1de8725bc4260852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0b830c7bf16951706ab90eed23a46ec5

SHA1
ddb49f52a122dd086426d227d1d2372d604dfa84

SHA256
910f0d904292b913acacc0b6bf3072301ba5ac3ffd3f45acae2043f64e5afb39

SHA512
95ea476312a6c4dfe76423b2bef1584ee70068ca3286643d188911e7ff87e21e805689c6800c1f9968283f1a29a8e79b36bc90964166f5d0aea2cfc13c5eb1d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
38875669b2a18ee29f5b6ef50b1a3cf7

SHA1
b339c1f0d33bd0bdfe9cc7537e1d32e67c79b5b7

SHA256
0f02678d4e173e666c6d77d45faada5764e527fabdc30eefc8854ad2f7c836fc

SHA512
7bc99f70481bc084aa48f59fe936826f89f18365bd2f540525c5fa1601298f7dc03ceca8072b4e495f9a372c89bebfb397be9d58a0ac5df1722c6d45b004a186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
c55b6e05250a47cb6211e15515939eab

SHA1
7ac97aeee8a94b88ebcd1dd8b84d3ca3adbb8412

SHA256
f5af891f4d7070b5cb618d821dbc6939ffcabb78b8d01150c4a61655023d810c

SHA512
5951d383bb62be3dda30a5c49cb558659c511b9c1843f9f8e9da3ed39265d4f242271e1a550056175c788de7acaa81e38eb9803f0e809292255a47279d5ef9dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b9dc0ec005010309470676e701359c69

SHA1
420f572c1e0631a733be6b1c8c27433de7cd7ca4

SHA256
02bb3118001c3a7178c9a980e1d172b668752425fbf393c1287c71839a4cb22c

SHA512
6bdfb450f4558057f244e9466c33eb8732d8a5c91a078b072d398d3b91897aa9e85b9b0bf8c6fb26619ccdf8cc2ef9df2bea2f413a7a8dfe6775531ea478977c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4db96c128b4ebf43b752b95aa4d50622

SHA1
99c799932c444077c9a0b7a65dc54dcf902f186f

SHA256
49b684e678560d596b6474e8f8ba4f64728ed0819880a8a64c84095c6bd72779

SHA512
463deaebde8f1865485a8f14d2ffa7e8fd81008e75e656818c0879b84ee331e11461de9ed7942032a1052eaaa846f2fd6ab306497242cf2927ea23b81d9b2711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
016f916ee9ac801b45ad07753d8d0d0a

SHA1
53f0b445887ed7f55b3033dedbefaae2699cb91f

SHA256
1032d119660b0caa9e03056ba0d1bc81f65b47f6540876d343eab1e099e87b59

SHA512
533810537eeafb716986d36f1487b8aec2d09f5534253f3187888ab0a4a1d7ae040b63ec6e7b985d121c7504c789227e5560162148bab2321bdb9d049807f4bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
4536e342e5b1c5d056eb5f2ff1d9946a

SHA1
422c89a300ad95c0d1c91ec9bd64f36384a5b73f

SHA256
d3e5c2a782583fdd203408de7aab867758296942ff48fcce8eb01340671f3feb

SHA512
c2bca54e2799cd48b3eab4e9e96d5fe57c114429a96c6affa5a7a17026e6abc51fb89676a05394cdc9a2735607595728cbd064ccb8495f12b7b4aa09db10c710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
769ea4c8714268c248c610d8c3bc0082

SHA1
01c79db863d564ff49a025c65d0438276125ab1c

SHA256
2bd3648aa935dcd1b98ff825738715adb0696f1717b2ff65443f633ff4dc9f9c

SHA512
c425d64772db61ebe36c2308e84fcaafdd9e52b2443a753c9adcf76eba5a0ba7dbe3d16e23aaa4dd960e1cf92bcc21cc99e963278fd464ff5181cc17e699db2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
723cc5b903282cbed0dc418567508d4e

SHA1
f70677c28f23d42c9389531d73bf1e1277c8db30

SHA256
cf32d0511b282ef7b8dba8e5cccf736bc593a9a2632b730e024d2d7032a2be81

SHA512
663a0bd1d00ac63121491975dd82c24e084e17e1bb4527d02642c85e4759969176c93b11f18f8eab2917347cf338f0757f54acd8ab1ba70d335980864c5a8dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
86KB

MD5
f55a14fde6c6f82c2557a80ff7030acf

SHA1
51ffe32459c1d11352e9686994ab63b66bb49a6a

SHA256
0de70a17e93ccea7b9eff7d2d2627b067be92ef688ec29489ec0126d5817335a

SHA512
66fb6e1f28de9af478719b586f886ade78512f03414d086c585cc806dcdda42e0144877346efd4874106c21cf44cee181725066df9d38e4d415f6428b2ff568c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587172.TMP
Filesize
83KB

MD5
23ad37b45170d8817c05fbcd61b931c6

SHA1
58bc60446db8fc2ec5deb36e6af72bfca996af16

SHA256
3ba5a760bc5a317a8e6b6e47f3a12c482499bd82aa5a00a4b86a86a4228386d2

SHA512
6d4cd1d80ca8bcb9ba679932b94c06b8f6ee8076445efbbee2a87641f7a06d4228dedf9dd2a879ef2e1dca58c042b9c331eca0a13392dffcfbe87d4fab4211b6

Download Submit
\??\pipe\crashpad_4568_UOQLIZWUAIMIKZLL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit