hxxps://sptr[.]eomail6[.]com/f/a/OI0PyMvPTvrE5wbygITSBQ~~/AAAHUQA~/RgRl9PliP0UgZDliZmQwODI4YWZhNzljOTc0ZmM4NWQ5ZDk1OWEyZjhEGGh0dHBzOi8vcm90NG1hbi10eW8udG9wL1cFc3BjZXVCCmQQYnQSZJSisrZSEWxhY2FsaG5AZ21haWwuY29tWAQAAE5C#ZGVicmEuc3RvY2t0b25AaHBpbmMuY29t

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sptr.eomail6.com/f/a/OI0PyMvPTvrE5wbygITSBQ~~/AAAHUQA~/RgRl9PliP0UgZDliZmQwODI4YWZhNzljOTc0ZmM4NWQ5ZDk1OWEyZjhEGGh0dHBzOi8vcm90NG1hbi10eW8udG9wL1cFc3BjZXVCCmQQYnQSZJSisrZSEWxhY2FsaG5AZ21haWwuY29tWAQAAE5C#ZGVicmEuc3RvY2t0b25AaHBpbmMuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238171226019380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1428 chrome.exe
1428 chrome.exe
2104 chrome.exe
2104 chrome.exe
Suspicious behavior: LoadsDriver 3 IoCs

Processes:

pid process

664
664
664

pid	process
664
664
664

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1428 wrote to memory of 2384	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2384	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 1656	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 4552	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 4552	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe
PID 1428 wrote to memory of 2780	1428	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://sptr.eomail6.com/f/a/OI0PyMvPTvrE5wbygITSBQ~~/AAAHUQA~/RgRl9PliP0UgZDliZmQwODI4YWZhNzljOTc0ZmM4NWQ5ZDk1OWEyZjhEGGh0dHBzOi8vcm90NG1hbi10eW8udG9wL1cFc3BjZXVCCmQQYnQSZJSisrZSEWxhY2FsaG5AZ21haWwuY29tWAQAAE5C#ZGVicmEuc3RvY2t0b25AaHBpbmMuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd3f59758,0x7ffbd3f59768,0x7ffbd3f59778
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:2
2⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:8
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3244 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3408 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:8
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2216 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2448 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3292 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3356 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2828 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5016 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5552 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:3832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4604 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,14246562237106004276,16238583019031458481,131072 /prefetch:1
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3588

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
d699057fcc208b7811f629ea5dfc2be2

SHA1
f649ac19303df0e6620cd14972d919d1b1ce21bf

SHA256
99d1660d4b1191c94a9c8022d9f441d6709362c392c8060f4bf974405536cc24

SHA512
2621194e0735a8a70d9b83ead4b42ae3933bdf3c010584c2a69192bc701834d160fddd7c3660f58b424486d79dfc1b7de9a4e979fecff37c0d12cfefb7525586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
8cc87f649d7a4fa9d760d33f58096a52

SHA1
2b9db0b85b0a9c7a077fa07bc5a50c4aad0ee781

SHA256
35e15a08686dc8e2e2ca9964febe29241c7dc508329ec9246451a2e302a30688

SHA512
407557608c8932c97e1a6b79848fa8cb1d49be7e185c4b6ac4e4227e2085d85a5cfd7feb6bcea612ec29b0ddf47b35168d672bef5cd31fd27b22d155c6af380c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
9929e1bd14affcef7d70da35d62e8b9d

SHA1
e541394c60abb86a76c81c23176c1853da3d4914

SHA256
a7220b2bef549fcca366d960373a8c113c6b50cf9ee1eccc633c23c44e89c171

SHA512
b98d3763ce067101ba48bcb942e71ae46a40804e1945194b22951cec1ae0d5948ddb0298c3262db982ce8ddd5cfe93fe57b9bb8ee2f8a35f0e5648db6f584c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a7da4d088354fbbf30b3ce17616a1577

SHA1
997194239b2515391c79c9e5c225846223ca867d

SHA256
75815e4f6168b81fa4285358c40804026850e4a1db3390ef075b540d1d56b227

SHA512
e61aceb34542d3db6fb80b5975f06ea87d9810e240a37506ce565dff878300a10ebbbc2fab831f895f613d75a117a541382863f747d8a149b8e264d3974fd0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
53d5748828942602cee24d07cf6c0508

SHA1
b4b4d963c24df94f5ef2ce7d12015571746330d2

SHA256
0d05ac59bafb1d1febd721fc5de1937ffb231af078b40620e36cbdfec682422e

SHA512
7dabfdcdbbce76715b325993fa272ce6406dee08148437ccc911f3cb5b449da334d0b825cd74fd1bc74d9ec5f9a1b334360b13be310ec30f996a054ebdd5ad04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
929b3280a1c7c607e22d5fbd691fe3df

SHA1
aa4cc5c9dc78ef01308b908bbe38425d26acc33a

SHA256
2b0b41f796945a1b40dca70f5ec7c25eef310ae7da097a8da2150b0089aaac10

SHA512
ad8a685dd92b3c9cd26c4b71f80dde220d6a48e120e11539cf275f6a0911914c14c59822cad91b5b0b17bc9c46f0e30053292e41664e0da40c34410c0692e4f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4d46d9aae62945f8d802e545e59a832f

SHA1
0fc16d8cc49a691cd14f32941cb9bcb6ab7e7f57

SHA256
54254f9d9c774871e772f4520963ffa45a4d6043b620a16cc301bb96e000ef86

SHA512
f36aee28a759c22efe88b15ece1a089d82b97dc699f7c98d0350d7a79b9a4d8967b3478d9d69122d54b1c083fb19c09c684a9e6fd50f1335e33854860c38debc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
258429510b63d501307b5b49339315c6

SHA1
a0754d70ee087e561ae49f37a3a16ed286125de4

SHA256
3041694bb0474aa92f0d75bd1f8048cf1f2bd086268576ac2711c44f50ff1cc4

SHA512
03f72d958aebd6d0a69eb0bf0ee4a1012d119707792f4abfe57b1260a5859c44a146eded0b09b789c6e32893f5f4e61d8f9395dc907afd45537f4de1e17fc7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
694a607b57eba03a5275a9dcb7c3ab98

SHA1
1d36783c811184c63fd66b3dc35647c5504b37f3

SHA256
29550f9978d35b8ed17ac27078c379b56d1a0a64e315ebbcd7a0f3ca54a4b20c

SHA512
1b49fbd50de652f95abb7e7c1bae6fd380e6b527e8537f22513ea1c29649be3eae36122a7bea4c3d11a96e7f39276b6fd214b6aee26fc26b4996eb628464ec52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
af8733a175b3d48a37066baebc4ed18f

SHA1
c2fa93f23d5c0c5c6cb0bb7e07c1235f1f6218aa

SHA256
ad6028491f3be0d8422f118f76d82990b78760c332012dfac57062f0b6bc919f

SHA512
1cb05ff35742ff92d2cb55f93032ec4584fe5f9682e27eae00b09d9874a260cd1e7466ea8f6c6c7968c0790042b879c0b730c5d7b925ad3578f81d4e165e3cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9e523b0369bce84fa6d1ac10a7945292

SHA1
59d96e796e0077c1fe284eab61a37ab108c332c5

SHA256
d13c267e5ff6223205aa9f47165bbad5d956c14f4a5a58d6daea0c060471fd0b

SHA512
f9a38a755c73d099f991016b2fbab6a52a29adf03dcab55f84da89f493616ebe23221156ae1caf60db9dd7fcbd46f5d5dd4f743c78decaf54705eb0efe9c0e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5175ebc0687df5c48fda9efb52179b35

SHA1
c100ed349be5dec1bfc44cba7704ca5807f4b1b1

SHA256
ca2e7c20230523e6f634193e5c04289b30b84f95c0f42366391654f9fbe420d2

SHA512
0e6a17d7772f437b4f2edd48af4488a10b38ca0074a370f45937c0de9a8e9fd77d3ac316d41b8f2f8fd98c51b387f42a01579659e37a9c40ab9ac502e8e2ef06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
48e76186377b259565eb8227d93a13f2

SHA1
22ff3cedbaf2a4b4ff12f8b2a3cdea5542b5ff10

SHA256
a650eb1c8013fdd5a674f321f42306150be5efbcd6ad9878d0f28f43f1fb7786

SHA512
f92c8ef8d81baafa5a0d21ba2d64c70ebfc5ddbf13d51cdfaa9b954f11f8eb6e79c3370ddb48229736782f8d1e26f7f0566bd323c9d6b9798e441b04fed19e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1428_PVEJMNWIJTWLQJCV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit