8d7ae5ce21753e0c2a006020522080704642c377ea2ef4d1c746e43a97aa8132

Analysis

max time kernel
158s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-03-2023 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Reimbursement_Copy_220323.htm
Size

5KB
MD5

6d495cb13a5b0609c3409f326ab21950
SHA1

06061bc2b65733ff12fecdfe09815a1d83aba281
SHA256

8d7ae5ce21753e0c2a006020522080704642c377ea2ef4d1c746e43a97aa8132
SHA512

bebca356f4a1d408ff80a33647875d56d2d13422db43a27d6603fd9f1e400d244b44b7a69d516a919a7d299cf9f0c0032df1e68c0864dd7879d4f727225be84d
SSDEEP

96:eN0BYntcNMDf3Bucvpndz4kE466BFF8eJkPts64:e+KcNMDfgcBxVDkO

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239939037064307"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1532 chrome.exe
1532 chrome.exe
3820 chrome.exe
3820 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1532 wrote to memory of 1856	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 1856	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2760	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4552	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4552	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 2016	1532	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Reimbursement_Copy_220323.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97a119758,0x7ff97a119768,0x7ff97a119778
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:2
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:8
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:8
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:8
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4776 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5184 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2804 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3500 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:4192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3500 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:8
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4576 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:4156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3500 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,17375551726918892002,16007697946859802379,131072 /prefetch:1
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4376

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
fac0972fc957b73929db3d06432c6219

SHA1
1cff7233673c109b36d3ef8e9236104c3afc823d

SHA256
652167860cccfa16b82159e35b20efa81740a8b0616222c23297abc1efc795a0

SHA512
6ccab085ce2501497891139686d0b87e61b8fad37dbb093318219cd764332efe2f1667191e91c200552db80cbd03aa8944b280e7108044511f67a6805545ec93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
9b3f6abad32b22889da13a35e1bbdfdd

SHA1
8fbafaa598f0144e722c8eea242c3d8c2e1ed720

SHA256
b33e38924e180916488921b7dc572bb3ed37d5904b09d78ea76daaf0ebf2688f

SHA512
ed071c353909ef22d74481a182004b49fae69b25b4ba8071d20c8fe8086bef23f5328ca3926ea3c717e36a10b225db572c020a722ccf388dc17563a5a4de2265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
9da4ccaa19de3e728f001817acfffeab

SHA1
22d6199d00a3c16840555bcf1c2b14c889615d07

SHA256
197bae51e95b420f6a0dd8c5bc3e8e7c57308078d9eb6fe948f81731e407274b

SHA512
d9a45ddc4fee5cdb3958bfad9ebb9479b60f0d52bb530fe663063910e5cbfea94584fe4918f77cb6707b5646f654f6f0b405c81b73e59e0bee44138168d24676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d8ba7cb49078786cb4d5b83d08ac0972

SHA1
0efe97f8fef8ac51b42555e1e134212fcfe66b0b

SHA256
5c7b9e0bca0bdb50cdac10014e8e8eb8177d1976455403c263824b054ecd2a6f

SHA512
fea78c897cc5c52e443acb7e28f50840533aa212dbffc993b373a378a0df1834486759cc9df548baba5b13dea43403acdb8ad98730d7e309b5521c539afa90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
7e06ccf43edaccabe5d5a0335d10d123

SHA1
73c7af9476fc3612f52e95ce91c25261c505d9e3

SHA256
9a0f769b1606298869b128b8509bb155ad59f7fd5734da9f6f51e1902a83855e

SHA512
89016293044129a4140e759bc078283c7cb1a5526d842f40a77566ab96eced023ad65100e802d8220a889b7bbeaa97f6841792a187caa98da22928616c18973a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
6067420607e6f7d955824806a4cf7210

SHA1
026015f011af2971deec281c943e78738178a1ab

SHA256
9ed2e594f92c6fa5978a13b72045e936727837d8e9d178b0560a819a271a7dcd

SHA512
ee2f59293e40dc8168008a8ffa96a95b69f63f5e428be4d3fdaeea3502f864a1e977a9d9d69293fea0b73562a0f9ee12c8ecf911b16a2ac25f8b177dba55ad61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
35fb6bdcc2c72f62a0e3758dfb4f3b38

SHA1
4291fd24a665ac2d5f22c0439143d4a4795fc3be

SHA256
f699f206377dd7bce688b24ec29fa80eeff13b1e404d64e75a84c9f7c0ae7579

SHA512
47bad21946e04137ded661c16c1539fd2c09eb16b97768bf12574307ad9e575eb90d5e79c26eb71a1b2e8a9461c6e191b90f59a1d62ba05191b14dc0d7c87a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
62972b04b1e99c27251e361ddca17565

SHA1
f8239755f4129d0009b601da21989c048706e5d1

SHA256
458dc6f6c190e2f958f106712887348bfee1fa11e4ca5dce71af641740a5fd7a

SHA512
e4c6a078e75d2f49508aa26b817b251c96c6c8d6e979e772605098837e179ba515a42cea753ed78ba5248a79e77e0b86f62e7b94701ab695e27a9b2db2f22800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f53ae984bc69f72bef1e39b0d432161c

SHA1
e02c9d7213306862471e55ef5ad49c5248f7bb54

SHA256
035a4f8fdf3f1bc153b851312a3edfccc40de6c21c81405f62e47c10993698f3

SHA512
2876a92114bcaf570413a5fe8976e36daff8f24dbddba15efa8f226dbe908e6a043f2ea04c5c4f663ea296ec7ed318a7ee8a0dba7aad675b21f6f2c8219501f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
e60fdf5eec8d637c612492eef238c1a9

SHA1
6682e049bd359a864b90091405fb930ce8cdfda9

SHA256
eb9fc8f776bacb828a9b6c509507b37a3a24fbd55cb1c79c9afbca219ea8a60e

SHA512
dfb15035d3f048595708f9ec04d13036257300d593704fd0e20329fffb96d52cb2fd616193bb668bbb627770ba87d664d334044dfc45412a4c6d24528d3aae52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
df51cef19e288082177df7982c26e97c

SHA1
bf12e06dc2e2abf02866fd08c0512c2dede16c1f

SHA256
8b140f8a07d8103022636d0c9c085f714032f1aecd346005f75f75ce14cf545c

SHA512
b0afe78cb62660c342bd39eaed564197adfe31d72510f2df6d0e473203403929a3329621bba93782f85f95560227d284a44af4256cef1b51b03421550c0e49b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d7a388b4-dd3b-4865-8833-186efb279248.tmp
Filesize
6KB

MD5
c8999b9f95466b228b2daee471dc3e74

SHA1
67d434645ebdb4390eaaccbf245da22667ecd12d

SHA256
02835284d219969ea770a3bc5248330b518bd7d33bf2a9b698fda34022df913f

SHA512
cccefdc2576bd404ae34d1d2d8ebc8edbc6085abb50345ce575076393d9092f1339c7d53998001412beb2c0682e10217b0362563f8dbc8760f2638a3a7272c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
9dbebdafa0d2fad12cff8600d5120d04

SHA1
93d312e71835894f23e45fd51e139b505ba81341

SHA256
e1e204dc080d1e8dd40eb478863373d99ea00eea547747cf888e030d24d56a10

SHA512
3fb869e2f16d416fba7537845000b0057b64eaac633409ef050aea620c65145ef4f57e40c2dba850020a404a0f08c0a53cc89fb16373d3edd199bd396d7df0c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
4d76d3ca1d4c740c4b746c039a4b0da2

SHA1
eca87eb396a54e71ca3880773c027e3b5c488891

SHA256
a51629c2eae4175b42b9538f126bd5040e42fd5924b0d84b325d7540afd61a55

SHA512
a1333259554d68908bb4911ea886514ee21b453a5e1ebf5f5f218306699e47f413b37ae9c1505c52eb3ae17d9f121777374aa64667d741cbcca56c08926f8066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
8801fb2b6d417c555332ffaf60b70f7e

SHA1
a84772f9f710a53ae46eb496a3846b9ea40bb392

SHA256
954d3a14be94e516136c928517a97ecb8d270b48a82171ca2dcde6bd7e83f499

SHA512
dfc76788cb4bdfa803347a6746a8a073e9ac184438d1786114f2df798b93e6f2a475dcc0fcbf307869ee26c1fe38124b9b711892f358414a1d0503b6e73f23c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
943e7a822252721f47e0e31464b1a62f

SHA1
3549a4038543b96c85d0766b9d661d77421bd923

SHA256
47c20c6c5ab6e0ee3009610b153a3b445de1e58aac5f3b0450c8e06b1d94d574

SHA512
6437aafa57369c22679db0e83ecf4d18d68071a50a9ecdcd71c2ec301b5b0de09c2ae2db70c61fdb3430b2e7f9520c9d0431770aa31f7e4eb3e0abc944437d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
3d84dc3fe11b6400c044fb409e1336ce

SHA1
3a15f42a658044657562c63b1c990fa5f38dc816

SHA256
bf03025fe28e6b4816bfc62ecf438db1d4f3b194521fe1a08b9b4796527f5345

SHA512
a2fcf5fe730394fe0c722d459b4f2050d003cb9c82f21d9f6c58c4d67079785b165792991a2e191c7cc797d3237b0ef7bcb1b39754fb7fd4f9fd531395af6e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
a524a895216452b9437c83c2f6183b0e

SHA1
41b2803dc08a6d6dd65914510fdcd5d2cfe0fbf2

SHA256
24b3123ea8ea452e706da550eed381bec5d4550569105ef150d1ff081185d017

SHA512
123b92b3b98aa8aa1286b3e8f4c9779ee316c7112b0cfe4b5cdaf1c86fbdc40245572778af7a4225a762321e640e64b34d924b2d55c8aee3ad6faa4ec7e90382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5839a9.TMP
Filesize
102KB

MD5
603d0b05183f03801393ccd3daa86770

SHA1
5a68cd9c1fa96cfc50f54a3fecf24bdd9245f55c

SHA256
56bbe2132e741712560261d5565f443de29feb6aee8396d4a2ddaceac983c853

SHA512
f1534974984d3c2450bba32a01201483e874feb390f573a8cfdca4c7c3d29ba8250ae27ae1e83fc3611f2fbe38592a0111f7fabdad7d3f093b8c204303de8f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
6KB

MD5
646a2f821f8d53441ae9adeb26cff435

SHA1
483509262b3f325191954f1005bfe6d3ce10e85c

SHA256
7e7ffdb9402c53896b0d846eb96e9f3daa5c6ebc98f2273f18e07961bd636656

SHA512
c6a844324bada96883c9ed7bbb44cb89b2ad1319479b9414a3a9cddaa6cfa15811d8e9d8c235a1472cc94b9918205be3c1f47de8637ffe086d35dd612bcd5a3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
Filesize
7KB

MD5
24c3c9f4b001911bce12352816602b32

SHA1
0273cd72a6cb1996aa930d5cacbd05a66b81396a

SHA256
9bee2c723ce2e90d6be9b2756d227aeafece2d3c91d6a32674d3b0c7ba1d87be

SHA512
efc1d97ccfed79b53bcc769442428993693e18984bde82ce7df79a70fa256107c6eebfb128dab6ce99a50d630d39c0264f6d3794b44f3b33050b1845da9fde1b

Download Submit
\??\pipe\crashpad_1532_IEOZCUSUDHCECKFG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit