hxxps://hurlurl[.]com/4d7xI

Analysis

max time kernel
102s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hurlurl.com/4d7xI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641518628606458"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exe

pid process

3040 chrome.exe
3040 chrome.exe
3040 chrome.exe
3040 chrome.exe
Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
660
4
4
4
4

pid
4
4
4
4
4
660
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

chrome.exe

pid	process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe
Token: SeShutdownPrivilege	3040	chrome.exe
Token: SeCreatePagefilePrivilege	3040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe
3040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3040 wrote to memory of 3656	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3656	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3248	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 4728	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 4728	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe
PID 3040 wrote to memory of 3980	3040	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hurlurl.com/4d7xI
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99039ab58,0x7ff99039ab68,0x7ff99039ab78
2⤵
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:2
2⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5104 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2896 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5092 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:2424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:8
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4568 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4124 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5104 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4928 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4164 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2920 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:2144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4516 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3172 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4568 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2980 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4996 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3992 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4908 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4264 --field-trial-handle=2040,i,1020648211658200576,505114754164156586,131072 /prefetch:1
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4532

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6004148a-277c-4ee7-882a-a06b7c87e713.tmp
Filesize
258KB

MD5
1ef67f820ba4d345f75bf2c3a6aec4cf

SHA1
ccbec022cc0ac9166f2988d5605dfb5f8e8a05c9

SHA256
d667581e38b5a0b9a922f7f3013e2d3580dcbafbac4effe11f8722eecd9c3582

SHA512
9bd687ec522c293eb5f315d936076792022b426439278c047fcc2f285e4a1314be6a1b367c7fa8e7808914dba3120e8fbe0d1e5f3169ef0035e389e6f601b604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a775b34d99f1be1eecaee9668e7b1bf4

SHA1
f93f28da696144e4db2124c61d3c6e66accc13af

SHA256
b8df9d04913f14117cd99f612662cf3ba8cf71e7612eead46215aef5478c34f5

SHA512
767a3580a83a104bbf5d84da5c66655ce79b43fdd57b815d572348c7c1e3cea511ed795dc8d5b8117e99bc3f3703b00f42651f5c0592365f3f433ffaf8623cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ef1ded9f94d5ccdf1505987f3495fd82

SHA1
b9637a38b6913779658811f12a0bfe548df236f4

SHA256
25e2868278c319fe6648e00a8dfbffabf19152d8c3e0890ef61eabd6c3c04f94

SHA512
68777f2a772ab610f95f444bf3e6d3eb98e7fda09b739742cebc2da607cc29dea737fad7ea55515b11ccfa24d08c5904e82dae890d35d7cb339af16461b0c126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e7f2c42afdef950b1d9764eb5742c7e1

SHA1
691bfbf5720c301acf8b92fe551fa77e16808739

SHA256
0325f4900dfd06d1d17d3ec47d0fe9a0e34ad95a14b2e96dad9b3a9adeb499f7

SHA512
619dc5bd72c6e158c901730fbe70d6754cbbad2df70801b285f34284407dc3e7586d93680a25d1b37d5ab8a9d1e77b56ba1c1831564322fd5296c91cab53a77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
82dd81291ca2c861eae7de357fdb434d

SHA1
87eeaf3c78cac2e4c0ada41f00613de1264ee3e2

SHA256
9634100ae6e1473cf7f07170485c0ec3dbd24394e019265bc6558b2be5295c13

SHA512
ab2583d89f649d2056c1ce5ebaf142e3312890474e053c8ae1e8bbe75d3d76c89fc6f686f83c8bc883f798e55d42d39a4ec3cadac890ca4ee225e876b0a3785b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
e88fdbd980ba9c0cceb3dab62b71e3ef

SHA1
02d77b84d33afaf87371ed97f7e534665933fe70

SHA256
aa9b0b1c864ab5afc9249fc9a57cd2833e87fcaf0912dc72fd31a026087504a5

SHA512
7238018f53b0e1f4498b680cc56c120571af572c92af15b8dbd9b35739f8c1e3bb803c355ddc5e05c69d749987277a1ffc80d5698591a352dc52c06386b2c6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
e60633fbdccc32aaacdc2ffc94e8b3e8

SHA1
ceae633cc3549cee5a320f0b88ded41540ecd674

SHA256
a2c79f0a6812e56039980c21843a55333ecba7b08a744801488fde0122bd7903

SHA512
c1407ac565aba33b6548b5c435017ce748728e4985b0934b565199132d5ed9f084ee185bc3f05600b6fb6a572bf2c12397d32ae53a62231775c996ad9397335d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e2de.TMP
Filesize
88KB

MD5
f38e0c995ed228fa9f096f51e7068a0d

SHA1
45521553f8381ee33d30ddddf08f7af59e5f4428

SHA256
b50104a71cc0628c5c522038ada53f210d5e4ed6ca14fe1b265fd31b23d43caa

SHA512
45a576a41827ed607ba31c8054432808c23ac835eee1337921a93b4b14574767241090c680cc274e27beb8fe9c11f33281005b686712565c42b1e5f724d1f007

Download Submit
\??\pipe\crashpad_3040_XGXGVHSUYLGLMELW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit