6ccb54c4a3aef1f85c06cfb50274b5f9d7420cb4b98a9d7a0dcfdf0a82aea2e6

Analysis

max time kernel
193s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

message.html
Size

149KB
MD5

49d7e9b6b3624458fffed26962284093
SHA1

049a4e6c19d4b4685038d8ed127fbfa88b0759f3
SHA256

6ccb54c4a3aef1f85c06cfb50274b5f9d7420cb4b98a9d7a0dcfdf0a82aea2e6
SHA512

da7b57bf69b0fa01b0b6a894a412980f9ed7f39644bcc92b31675f0bb7e51086ab9ab7d6f5901b46e9611888d7318e048a6b69043fa4cced272c0c538eda3aaf
SSDEEP

3072:lANAGXDOXPKuefL+CTKNDcaCeLHCQUCoiYshPnsEym9wm0ZU:lifcKFnTs1bCZComok96U

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133241634373109245"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4648 chrome.exe
4648 chrome.exe
4012 chrome.exe
4012 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exe

pid	process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4648 wrote to memory of 2172	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2172	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3768	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3316	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 3316	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe
PID 4648 wrote to memory of 2164	4648	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\message.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc9c99758,0x7ffbc9c99768,0x7ffbc9c99778
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:2
2⤵
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:8
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:8
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:8
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:8
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1664 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:8
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1112 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=988 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3304 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3260 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5044 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4876 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5084 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3308 --field-trial-handle=1812,i,1275895944737446871,15947761284378192772,131072 /prefetch:1
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4532

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
19KB

MD5
e7ca24dc3a47160c9af0d45e48f1f911

SHA1
c689e79b895a18c9f1334d6eff56744ae22739b6

SHA256
abb85c399c274734c689156024267ece39c2b96d82c752065c9a649a8abb4c42

SHA512
1b6c6e386b8ae1202e7699b2a56c7573ef44661c7c4977b0a9e261c576066ec3c536ea94c7a4cbb5d70ebef2405ad71aa1e3a10c2a9340c69831db53e2fccabd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
f826eed806c969d91cb24ed1c5704a39

SHA1
b954c3242220aeaea7fb617474c93ee083584dc2

SHA256
c3760e6d5961fa5b7a902ce69db0756735954ab0a131f8d0d8905de10f144715

SHA512
f0c0a916135000d63bd52747b6da25f9b72e6347ed7c0775b8a6a972d41d80565cfab756780a4ff06a4f27e9a767d0b24ed3c3b159a8ca65ce83c95b37e1a239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
882B

MD5
99735939e5ef7c0be7f105d90e11ed07

SHA1
2a5e97028031bcb78fb41f5d675e70789d9bb006

SHA256
e759a66c48f9ffdcbfbca1822bb2bbd7d8af4bf06d76b0016ca562ec3e4cf5c0

SHA512
1bb910363f3cf9fae4e30e2918258f83cbba70d36683e56ce359330a7954584fd42631636be20709f38969bf3f702269a36530e3cb89354b1ca26b324f604a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4ae9da90918d72853dce0f6691a78575

SHA1
818e8aa970234f66424636c000444bf1f675a4f9

SHA256
5fbd5233b90f4093dfc20170c78a65e1a7d780568b594c86fc1e1fe57d24cf3a

SHA512
b8d09de68156fe442338d79c4d9b2cecb75069a353f143afef3b1162987ba3eaa2da792a9703be04af9269ece48bef4a8fcda20a37354a07e776a4cf42d9d16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4c4232fa8a6371a4fe911a8d86fd4b33

SHA1
547c3d3b968c0912dc263ef7f83806811d15bde3

SHA256
e08c4bdfcda6a821e7c322747b8fdd6a36e7dd9d81badb8aaec3b2210661a355

SHA512
d2b406e7c4ec39d51e5dff5119fbc597cad26996773391970450a301d37c272d577a173b47559fa0dbc96817ca25aaa8863665f5a0281268be6ce7bf735f6d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
882B

MD5
35e7828b50d42e96b9a75057839ff49c

SHA1
7874cc1cd844c876401a70a37008fa2a4be68326

SHA256
a9503687d21a084cd819f1534e75ecb48cb8e42515229e703af4615fe282f04a

SHA512
825097c2b7ab9f98d37fa04184e133a9e03e627b86cac2b0f3ee8eef69451833ac79473c17e5f43515372d934a88b7d9b42f38a8958da26d04470e7b3d20d348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
75284245dc430d40565aa2c29be92111

SHA1
06cb4021e3321b302d7ccf438a2337c72e7d1ce0

SHA256
2959f0726638cbd025fa6e3df7b3cf18e0ccf0d5694384db0deb3ab6237bcae0

SHA512
5118eacf0b9d0ce3a04cdf307c1e41b1833aba84f104679b61de045a3cf097d4b18cb1d9c9cf07481c077afb210f1a8075cf7082a04ce3393e791c18a9231b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ec126c2130a570f0e2cca57de9eb95d2

SHA1
ccbb14a05f7784cbdccba1864722da0a484dfadc

SHA256
050725b895c6dd08aebf23549810a3ae07bd99a3ee702d7c2cd86465674fccce

SHA512
6c5848bf3889cf8202603706ab454e43430b07502efc972f9fa429a067ed797f1259e6f615380c6eb6ec6496cc58380169f9a5e27fc0a3fcbf11e0f9d75aea95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
47d180657735d8812c56520c025e4bda

SHA1
b4fcc57f089bf06c0e2f59962f4eaf3648655555

SHA256
e4e5e3dca68520e72ef508497af45bc7b79b027763ab10e31dfdcdb22945b525

SHA512
d75535049c4b71222dadc9bf11e77f2d7713353d7b7bce6a5a0f8370f6d07fc5f62bea552dcc8a04d2ad430a69b5fdb8d90519a5914a5a096aa8cc5f15e8a2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c1a9c415bffb40ee1529c2dc16353d44

SHA1
a3ca3697187ca5c87bece593b0a7d017a1a965e5

SHA256
b5ab1c76b8eddd96ad13fe4a316917d9195283bdb57a456a2aaa49a6c8989d9e

SHA512
b4f52e1633aa6ad23610ffb72df82dc9c924a95b5fb1ff18957638473f5a110b34f98736d9e0916604cfc0a061bb8afbef4f6555be6a301c42d85eb99088462b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c8ce28e17eff1bc4d2fd52bc192f7ccb

SHA1
7f71e986e7c3e2121a38d65fcfd6b0a2748f3bb8

SHA256
c4e77240d61704c3a0e6524c5e56340c340ef6df6ba2c83080dcc2f1e552af9d

SHA512
3e62d6ec3b77f0e9c8bde0105cde266f02774b0687be632698939adb10819580a577739fa8662d449a17d166b5a9dc909e43ce401e1fbe145f6394c133264e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c3959356eede6dd06968f04c0662a9ba

SHA1
504245480bfdc7f7fb81694a82cf2613b7b3c2ad

SHA256
ed4103cd39e4d3b65159059af1cdf2c9fdb08d5674cbdcf2d40377a345d28868

SHA512
1d3dd85f9086240c701827af9b95920b16bd3ad867e62323b1c9b65dc20a127e7d7369065517f642c3259d6e98e8aeb9a67cd304e356d7b313682895ece89ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
345f420e87c6293c3f25fff11c11a9f4

SHA1
e525ddfb4774a9342a744b2475b064292bfa4dfa

SHA256
27a8982f82abb1f967f0dab559cebbf5fbe76f30de628dd222d843c0b3700975

SHA512
06bd0dd90ed2e3f51977389ea978a27c8c3c4b9a81f101e7c17bfdf87d107284435a0b2661583f5f87c2f577f2a5e11be9320415c93a396f873ec6f9ae7cff60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2a0fb1514c6505f97daf99c89cea2330

SHA1
2ae8658c04df2a453a4cab2cf4fa1a529fc0af63

SHA256
b43fe06b2e00c1a1a7216dff4fe40c0df03d8f105c8dc6fd815711076c4a4397

SHA512
01d75587be8570ef3eaa42b5d60d8b26af90590f33e8c830651422224f23af4970a3f58f0fb1be629e9bc0c9050edb1c64159af696fd071fe19c010873df15f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
91f82a45a65baf41aa92a47990f993c7

SHA1
dec7697628f3c8ecc9ee8b0dae764c7dddbcfcc2

SHA256
f9787e6b993d007a811c9214a1a8dd6ea041800b4612c46ad90de28bcf272374

SHA512
17398bea6bb2030a98bd4179f355bd657636f49060512713d2372939999d2d7e64964614b6827521cdbdca887ea6baa39f002becbf82e56621f5211740a0f7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b153e9d0b9a2e75528b1626d51d19bcf

SHA1
f9b7786c2b58225f4208cdf77a012d0a38411e05

SHA256
ea2e987a40c33c54882b2575dcbfe80fda8a175b8686b99c5e730a51f4c0ef18

SHA512
c775dd92eb80ecf148ea03c3d1f0048c4989ec1f30f3088cd3c77f0997e1f08ca83af3656b43601e327557430a26e2209dc962a93d7974ca5dc15aa9329707db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5fbd45650cb92ee0d16094915336ca73

SHA1
f1ff6fe65aa0b5225475da86cd6f40f7aa02de3d

SHA256
7fdd205b4ebe56a1f36dae673e36c219e88d7510c7f85623de3f8f2337423de9

SHA512
b672f3f8b0d3fbba14014427b9726fc7127cd9543aeeebe8becef45101e50ab39523afbe522112ba9f17adbc2bb9382b284e33bd9ffc5511324228aacf052a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
60084dd48ec693986527c0ba6e1c31ec

SHA1
5949da827c2c2dbd176e54a5f1c259ac2a9c7db3

SHA256
90040397156f7f6c42b3b7fd6e81590507e459c0d92c01ab0736a7bd91e05b36

SHA512
ccf0c886f230565067010bd09aa0d2b5550a7a84e18d8b1d84530e9df85aefbd8c4d8563e396b5e5ef9bd1d32053eb495e828c9ea079b3d0f74851e021e099b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
25127bb27f344dfaebe79ec6c73643ae

SHA1
98d0b3878985786f8d1b679b840c7c1baee06858

SHA256
7abc0afa9596aaf460d157099d3053853a054570218bfda5a31d1102a11ce5d8

SHA512
0c9b1cc21d0d4b6940b869551afe65818546ec52f2fe3d0c9e4652ec6481cc88ec8a9c7e6d7e9fa49d3cafc892071b256c1916f33c763b1965c0ae11a7a12f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4648_AXHXLZTDEGTHVDGC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit