hxxps://trk-mkt[.]tason[.]com/CheckNew[.]html?A8PI9b7HGs1iTtAv24GgKOcbPF6qT1ciHFyceyuPwSkG==&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2=&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2==&UE9TVF9JRD0yMDE4MTIxNDEwMDAxMTY1MzMwOQ==&VEM9MjAxODEyMjg=&S0lORD1D&Q0lEPTAwMg==&URL=hxxps://drlindawong[.]com/xzd/#YXJvYmxlc0B0ZGVjdWluc3VyYW5jZS5vcmc=

Analysis

max time kernel
300s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk-mkt.tason.com/CheckNew.html?A8PI9b7HGs1iTtAv24GgKOcbPF6qT1ciHFyceyuPwSkG==&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2=&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2==&UE9TVF9JRD0yMDE4MTIxNDEwMDAxMTY1MzMwOQ==&VEM9MjAxODEyMjg=&S0lORD1D&Q0lEPTAwMg==&URL=https://drlindawong.com/xzd/#YXJvYmxlc0B0ZGVjdWluc3VyYW5jZS5vcmc=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240827748205494"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
5052 chrome.exe
5052 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1548 wrote to memory of 3556	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 3556	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4884	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 3652	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 3652	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 1016	1548	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://trk-mkt.tason.com/CheckNew.html?A8PI9b7HGs1iTtAv24GgKOcbPF6qT1ciHFyceyuPwSkG==&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2=&j7jUKLzsw7wjhVcTX8mH1AQSNwJp7TMCR2==&UE9TVF9JRD0yMDE4MTIxNDEwMDAxMTY1MzMwOQ==&VEM9MjAxODEyMjg=&S0lORD1D&Q0lEPTAwMg==&URL=https://drlindawong.com/xzd/#YXJvYmxlc0B0ZGVjdWluc3VyYW5jZS5vcmc=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffca33c9758,0x7ffca33c9768,0x7ffca33c9778
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:2
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5052 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4908 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5380 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:8
2⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3664 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4572 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5328 --field-trial-handle=1820,i,9015593864583105221,7052294983979874167,131072 /prefetch:1
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5056

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
192B

MD5
fc8a026fba9b91baf4e528a0070c28b6

SHA1
15493aa52587b0d30f648af5fa1b5fd33d335586

SHA256
b4823affa02a479008092e5ae2d561af7d9b0c04bf733961708d339688635f10

SHA512
8046d7f40ebb819e8bdd8beb853c3290d562b5fbec3cae5b51505a4f2da90f751b60f8c987e853f6a5de7b706eaa1a360fd7b413a311158b12560b30f5edf183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
5315af630c98cfa75e7577674d1b9604

SHA1
882039f59b528ab86f33a838c3465468100503b2

SHA256
10d67eb7041f078aea01d8a47da975571f0ba8f8441b59a7fdad71448bf01fc4

SHA512
b398574eb5e55672601cfb0ddfe932c06457bf5f8502e922165e37d1de91cb9d4cc64dd110a101740c338704f5da8b7ce10e75552fc3ddbeb811a6cd803ed520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
1bdea28328535d945141e22f42a074ed

SHA1
eceea5299ca940c005adf1b88c510d64b3dd8eb8

SHA256
57d2acd3fa43641174c5e11a0c4e09dd3be3984272b5f89664bcb4f76c246311

SHA512
60d38c4df79a2bbf2073995097b91ebd3a3d2260c9b1ec544beb805c600224ad1cafa0522bbb600ddb78770c00cb6a631f12a05c54e2cec9a958e72d5bd4af60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
60f2cb796d316b80d38c768121ce069b

SHA1
54a4a58652818f98039164c182b633609a075c04

SHA256
86040d033cedffe7cb22f1a2defe60496e2a0eace1fd0f2279bb70a2aacb8fe2

SHA512
892fdb6d62a09f95d1832f9fc8d484ae7bd99ec02e4ddea8cfa193b092d873c53c06def5d1cc7e60a69c3348fee2363ff7829cd85ff96ac7f6312a1d483087cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
44aa75855a7225977da6398d9af59cd9

SHA1
766e6243fb3895b520992c9ef13afbcd4f81a066

SHA256
3a3b9548b8e058eb31cff115e5a64e75f2e396bbb41ab5dd2663ee91b28a88bc

SHA512
6f6046ee0eb152405d424db27887ece05cd5d4a075c4dc6744f3f07869f91323150382e9b5cc5266858448480e66dd6b7a1c96751ad74c60a0983e6ce43dc969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
0e6851f9d81e67fcbac1ca27be9497c9

SHA1
3f31b6a5852b9ad13179a45d1229f7775c616dd0

SHA256
971101cece0f2c3ef78a1ebf8b2db91af749950d023046097caf1e1926dcc7b5

SHA512
7e17543537ce85d3ef8a95a98399c43b254b14739e8d3b1f584188f8d1aa2ade79c91227c6cacf6b40b223475205dcea2f378a293b920d392262905300d405cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
9ca85fef0b12091b7cafa7921d52fb04

SHA1
6e0b2ea2b1c59e891c644874669c4ea412922212

SHA256
218d11656ab9be8166d2dd45d2f71fb5d0e4f753f977a0819faa04bdf4429dea

SHA512
25d33fe8b07631b0604099b3b2dc52efd6c29bbe62bd62ddf1fc1923f0c645eaa1a4850991cd73229303f022650e73b08877eae707f469d3debf7a0a65a1437c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
1feaa34c2ab3695c809268aaafead1de

SHA1
8ee86aa5a751877b47ea72b3cc29b31f6e376b8e

SHA256
5d75cdd679aff9de6ae9efb9b3c0571ac4b29eba3b422654da0ba23c3eb8f70f

SHA512
14d167265e8750f61cb54d36def3e84c1080ba7fd986376ce91f819b4bbbabe0df75c81d0b2088c36dc68b7fc0e8b79048d284fee3025871d9554f99fe1f700a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bee7b5d34733f399babf9aa3b9b382ae

SHA1
b6a01bfd352fb663a5845109bbf04b6844304a9e

SHA256
6f4e95adfe29aa5dacbac952eb91463f8610cbba0d8cf3140941ab891c58329c

SHA512
f472d4144b501af36862dd286502c3cf96d50178f202af6ac7ae837190c61ed327013a68e44b900930bd79741d06e804182aa6c2538db94c80b5f95fc0f7ac6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
117eddee7d5fc1f1ffd15cc9254b6a1c

SHA1
c3eb9f87783ff4216089edf5aaff1b526e6456f7

SHA256
3993b5ce66bc8ddab095626a7175871b4a3fffa946af27eab4c1ddfe879d582b

SHA512
04b1dc5199a8e173396f89c043c9dca320bcbec62378f62f20428b548fb4536be90176b786646802c6dda13598b20bfe1f3ba415adefd426d9e0f91bea314efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
8913f18a5b69c5c7d28cd7494d6e6c99

SHA1
9d3466945adad306044d51a10db5f9c0f6385503

SHA256
c6f998c3fe8189c51de071009e5d65e64d3a7bbbcb0ad7d6e7d91ceaa062f2d4

SHA512
41de6a114ae47a7ca3fd3960ff950a99f49ba88a2c8bb633ef8ccf3d8cdbe89a7873d1dc9a594e9326ff71d3cec31d0c47859022566eec7c49fb2862531e420c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
147KB

MD5
2a84d3467912ee20868412c9a1e2330e

SHA1
a7de34015bd0859ed16a624d9ef796a6d1738a39

SHA256
f10bbfca50acfe4db59adc8bc7da9c2f784cbb8a753a57b4734cbca8cec13907

SHA512
15463f554272853d764f819fa25cc6c5c90e15602b1deeb32ad866eca43ecf8bdb24d40a3be874b5010cc0a5b81e0c554b92b5622373e4c5828be0208fea7f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
7383a76e8f70dc83ac59e4daac0e01b8

SHA1
eee90eca2ca37ea0fc0935165ed3cc2e1b28b459

SHA256
3bdcf8a3e7465a96079805f3b0430aea93d78a2ce713a824ea5cabe34828ea48

SHA512
c40fec6c4ce3df646d1a454f558490e4d337ef7e8d6387d9aa57d78544b0e28cee59b7b568ab0cd7ffcc2fc3e54b9f51a00b5e015b70661c885dd99ca3fad4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
78938263d499e20367421dd34981dc4b

SHA1
b4be705e31cf231fd0c41d2299c5ac4e0b2db4e3

SHA256
81e3cbe10d23b98a4871123e3f6b6fceb9b7dacd8193d3f33efc0058eccd56b9

SHA512
c8a0fe0db734212acf2be582f034f90389053ca9705d7f47bfc493bb4f4620969818fe62749e9ae56e1a4fc473cb0dbe371f098786b167e001f635942b161673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1548_ECMQADDRXKFNCSAP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit