390a9f0190c1191af22da73bb1e592c294fdb8dee031645f9a0c06b509dd1191

Analysis

max time kernel
264s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6534.js
Size

10KB
MD5

189f34115f7e4b47e5a7ffb04b947fb1
SHA1

48e168beea3281d4da41324aee536e548bb12897
SHA256

390a9f0190c1191af22da73bb1e592c294fdb8dee031645f9a0c06b509dd1191
SHA512

091e621281d43e25511ea6a479868139d0eb844862602ec3194d078d08b39362818c83ba1e303643ddd18ef3888ed9c8d4a6ea681e4c860fb9b8e1bcde4af0ab
SSDEEP

192:sablm5ih0mUWgMLwAmi+2vbOTOj/KM/TBsqEChPPTzXN4Pk:Pm5ih0ddCCwT3

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240694197723290"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4848 chrome.exe
4848 chrome.exe
2948 chrome.exe
2948 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe
4848 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4848 wrote to memory of 3916	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 3916	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 2756	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4972	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4972	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4800	4848	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\6534.js
1⤵
PID:3476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6534.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa784a9758,0x7ffa784a9768,0x7ffa784a9778
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:2
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:8
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:8
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:8
2⤵
PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:8
2⤵
PID:4052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5152 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5244 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4656 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3976 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4996 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3836 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2696 --field-trial-handle=1816,i,18161202306779126441,397007953062167012,131072 /prefetch:1
2⤵
PID:1020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4580

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
30a2dbc615493729926679a9a2dd0d2a

SHA1
7c665248c6064533faa79276329b68ce2748fa0d

SHA256
b50b9aa7397ca5c508186b45320a96a75be4c4d576df70e283afb05a11123c4b

SHA512
4160fa252495cfbf9160b5881811a48121da814b693b685a478f073241222b7b1ae1ad5a2cf4115528c25eedd8d314d4e4d3f7e7a2ea4f3da8ecc3041ae7b03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
725c018775a83676e20786117fda43df

SHA1
fae6bcc64735236c112e3f5bd7a6fd308aa49ac3

SHA256
ffda61cd21fb07a6ff766d1c2cf35631b6b594e33147d196b7bdc751c96ad01e

SHA512
9b0960f961284a0f448b29be251af617140de132a4dd8bb66631e79af631d18dfaa22ff329305e66ba32449fd2d20f9205a9b2b02621e598749b13c68538172b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
789c4d261476219a60adf51333b36782

SHA1
cf7d0d29805fbb1d209268da15ae448647ba06b8

SHA256
3c98ceb12dd22853e1a2c7459010c23b762b7b0c8c0acc7e884b5d99a9171485

SHA512
14b76bccc9aa54a59d4e8fe5fa41eadb16f24adb327484978a1c1fabfd201e6c435c51dd5aadfe738dcece525fd4acced694a1e81a0976c30ed21e2d1c656dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
42ca141cfa9a23abe0b91cee2c02f28f

SHA1
9cdcd79d6a6eddf3a23da685f4b3963ac745bb28

SHA256
9fe91f93875e92c90509a71bbefc927b6cdc7ddb4e4b3e630d18cf572f1ae993

SHA512
ecdc82a172d10fa8e160736a7a70c3d697d87402c1df0aaf056ad716e10f7ec09fb0131d7e4e10065fcf929faf3f7673964fbdea7daae5a1686ddf787bc21486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
aff0e024a748a851f93022db73751778

SHA1
d31a8e3df906d64f490f0f95f6f65e6acdcb40e3

SHA256
3009d74238b89bd1fd0c0149665171d976a6be53bcb7d72d3ccdc03fcbe8518a

SHA512
e2f4583e43f35283ddf1a23c80bbfb1d3e38e367d361be85182083781d0d2159148146aaf81e173d57f7e74009c08dcf0abda0cddca059428994e5fde64abbfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dbc70b1c4d06c22a431644fa00b46b13

SHA1
5dc2e09b74cd668532f61034c886705da660c53e

SHA256
d8164f4510e61a3d9eee926fa83045e19a9350b23c8014e4e29deabd5a4ee6ef

SHA512
fe6838e9e3a8b064f5f4b1d27acbb71ab4b347456a351da6522fc4021141544e4ea22f3e09bac2bc926b2e795f73f29b0ba2817324177949717c2a90b1ca0022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8f67ca030c9fcf13dae0640cc9130cb7

SHA1
15804cb1dd992b0d1c40b33ee4a17931e70dacff

SHA256
c899f9b28e454f025f317340d53f19b2e21c6374ff97335b3fc004bb5286f20f

SHA512
b60173b99803ee09615d26224c32ffeac68e94aa975d764fdaab345e069b555070fff74b2e7f6dc31dbde2792d4f36d76e6ba018a72eea0b5f034cf47173f5a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
edbbf64f98e4ca33704e0bbc2397c707

SHA1
eff62a5170e6c51b5de0cf064b0357cfb91083ce

SHA256
05a2d31f238c04706d7d825afb0f7deebce4844fb756bc19a1d5111bffd77ed6

SHA512
2145b6a6d5940672af11346d24d34ddf33cc1a1792acc081e49ef4cb6354546158446766870fc1d7004d41b4621bdbacc8628917ce58e34fd9cf21383e7a2916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6bb800a18981693a4ecedf24febde7fd

SHA1
218ef83d1a96e32a59d3f3fa0502cf59e11edc3a

SHA256
f5ab809d0e76b146fb4b3cd80fa5aa09b201ab7ba43aa72e5d715583086da45e

SHA512
16dd234919e241d3f1cb4b671637594b4979cd8f9ac606e435ed1522c123f9bba11030a97e99b671e115ec6bf99402889ebf9d4266236aeb26b658c6da1d80d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6b6c82f5bf4262d61b885a61c1689a7d

SHA1
6357b5dfa9456e0ada39ee48f02610921b218f46

SHA256
f3601e2a8d6ef35115d44cf431aebaca6e97f68a369ac94f79d1b84dd139251e

SHA512
f253faad0e9e1dbbbf76b45915d5f759c5cab0215108a1c1dbf74fc3e38fc9111bf2a9ccf77f15b283606590fd5714794ffb29321d59e2b468ecc3c09858a600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a0097bd1c9f91ae0073dda6fc10e20ab

SHA1
0f5e3f9cbe16081a3eb4b4ee38828fc15fa04eba

SHA256
88f78027dc3021f4af95abe94d6b1ebe7d25e435b0d085ba6a527976d11e1540

SHA512
cc0236151ec3ecd085149d7883ca013c9397810ec19c5fdb496ebdd08e1e5cd8e4c8196b01d0025629c3fd6ece132d30504a6eb209809b11a7051dd0ade55b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
b0ff70a721ec38098d1eccd3260988d0

SHA1
add462ce831ff4a107a67224b5ada0a64854811b

SHA256
3afe1c6b7b813345846ade38efd94666ccedff33f4ac072b2ca1af9cdf1d0229

SHA512
c3e912aec8c2d3149d2cee2b3f7fa7c43a08f9d8dfeeb491f5c5c1841f56ea387bea64ec47345fb5ae4407ca3b998c98b25001d2cf2fed05144cfe3d2455b504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
8ebd652a7052ea2ec82ffdfcbf2dc77e

SHA1
a3e846bf79e4f606e4dc950c03211277cb3f8db2

SHA256
5fdeca330123091105b160951c3309e2d59e9dbe163b80b3efc2d8583cdf16c6

SHA512
4323a836701c7b9092eed223f64dc9bbbc8f2aa96fb8779fdbc7c5d7c9ca9dcd1fd9b54e891a877c3e0aea64e0e045423a8d1ef39343401e48cae19c5abd9945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
240B

MD5
a39f56a49943e5aad936949383ce3399

SHA1
c6da27ce7e81d04a76e2f583466e4b6d7eab048c

SHA256
7e638f66ba60d72169db41bfac7a622d6a9d955ff16b7ab725dc48cf6b2b3827

SHA512
11e7794c5493014f289079c03fa87f63536a2eb9bdeb9d80e555810fd3c43110a3f9603b618cf4f53bd539ccc0153d76c47a94d9e514f5a771cfad786332f4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a6f17.TMP
Filesize
48B

MD5
5d9af0e4e5ff448bae30ea9a06ac95f4

SHA1
e4d3593ace3cc6f97ccc032e6c3c83993fcbc516

SHA256
7c7798253f8d83fcd0329f76a510f4722cafe3991835ef869a85825211032f86

SHA512
09fcbcc4984994029edbbdca0a86d1fff5f918a9070a0d52aeb8b00904a9c599e0a5f3e96c83f879d63e11baf81663f70a84ed37ae1a06003bfc649c6d395ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
c4e231f352ec3e354be73e6ee9b8310e

SHA1
0dd4739998458cb599993bea47f4437356c8cab4

SHA256
4e416848b86d72f751a54bde46dc9b66fed270396a0b9d91dc3df050056d1371

SHA512
0374abfa36d1fde0ea98319bcef2dc2625f6ef6fc356e41d90c18e8c64f1bcd4bcb18e815c723f6bd7676b663ff5697ddcaf3aefe4fe825f271c815fbf5b369f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
9a3ec996655886fb5e76d5b16627783c

SHA1
869ce9027284317d026dfb33ec4d029452cdf011

SHA256
5ce2cf2c534a250c45dd88c1640b02a6c96fe33dd0da0bd827bd75b6f9c58e84

SHA512
89bd5209ed853113149810224334256678af5d6f21fc481b2aa514744d1c7950eb9c817f34c5ee72ee6c20da5d725e11afd5acca976772c78a25f2f379b68fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4848_VLWICKICEAWCLCFF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit