hxxps://shared[.]outlook[.]inky[.]com/link?domain=security[.]microsoft[.]com&t=h[.]eJxVUV1P4zAQ_CsoUu_p0jiu7dhI6GgLhfINd6raR3-2hsRpHKeBoPvv5_KCbh9Wo92ZHWn2M-l8mZyeJLsQ9u1plrVadt6Gj3Flpa_b2oSxrKus6bjnLlinf1l1ZpRATCueYsJkiuQEpQALngKqBMmVZkDQEZ4zyBlhRKVG0CIVOZCpZIVIFSEKak0nCBQ_vJZ2b7ULU6W8btuzEQKXD_PYR3Cx7i9Y25lDxSBbbm4XS1iI1bocyLDDV6Yf9EPonyazad0Y26wWrny1_L2NwnBRzfcvw_z-7XEalZvV4_DbgffZ2ueHmxfYQ9RF2uz2mlVKNk9LEc9t4uDwjMzdVf2cr-8K2gyy-jO7Tn6eJG_HjJwOtd-aABkEBOJM6qodu9qHXa_L8nz4cDJoudv6utt_pVZAknPKMTEFLyhDWhFMQCFhDkDcsCwnFMeCaDKm-Oijjz7fYZ9XMRG-tW77_z-OVBWprivLCG2E-d9_omGRDA[.]MEUCIBJDpglWV-ky8fgQ785-9glaHKX0WDNgFXUmYb73CGJNAiEAmrCyOWzZl_cwdhJ8HibIRXj8T0F1BAI-9jwnW19NGOk

Analysis

max time kernel
348s
max time network
341s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2023 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shared.outlook.inky.com/link?domain=security.microsoft.com&t=h.eJxVUV1P4zAQ_CsoUu_p0jiu7dhI6GgLhfINd6raR3-2hsRpHKeBoPvv5_KCbh9Wo92ZHWn2M-l8mZyeJLsQ9u1plrVadt6Gj3Flpa_b2oSxrKus6bjnLlinf1l1ZpRATCueYsJkiuQEpQALngKqBMmVZkDQEZ4zyBlhRKVG0CIVOZCpZIVIFSEKak0nCBQ_vJZ2b7ULU6W8btuzEQKXD_PYR3Cx7i9Y25lDxSBbbm4XS1iI1bocyLDDV6Yf9EPonyazad0Y26wWrny1_L2NwnBRzfcvw_z-7XEalZvV4_DbgffZ2ueHmxfYQ9RF2uz2mlVKNk9LEc9t4uDwjMzdVf2cr-8K2gyy-jO7Tn6eJG_HjJwOtd-aABkEBOJM6qodu9qHXa_L8nz4cDJoudv6utt_pVZAknPKMTEFLyhDWhFMQCFhDkDcsCwnFMeCaDKm-Oijjz7fYZ9XMRG-tW77_z-OVBWprivLCG2E-d9_omGRDA.MEUCIBJDpglWV-ky8fgQ785-9glaHKX0WDNgFXUmYb73CGJNAiEAmrCyOWzZl_cwdhJ8HibIRXj8T0F1BAI-9jwnW19NGOk

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133300335688634043"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4596 chrome.exe
4596 chrome.exe
816 chrome.exe
816 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe
4596 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe
Token: SeShutdownPrivilege	4596	chrome.exe
Token: SeCreatePagefilePrivilege	4596	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

chrome.exe

pid	process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe
4596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4596 wrote to memory of 644	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 644	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3424	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 4004	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 4004	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe
PID 4596 wrote to memory of 3776	4596	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://shared.outlook.inky.com/link?domain=security.microsoft.com&t=h.eJxVUV1P4zAQ_CsoUu_p0jiu7dhI6GgLhfINd6raR3-2hsRpHKeBoPvv5_KCbh9Wo92ZHWn2M-l8mZyeJLsQ9u1plrVadt6Gj3Flpa_b2oSxrKus6bjnLlinf1l1ZpRATCueYsJkiuQEpQALngKqBMmVZkDQEZ4zyBlhRKVG0CIVOZCpZIVIFSEKak0nCBQ_vJZ2b7ULU6W8btuzEQKXD_PYR3Cx7i9Y25lDxSBbbm4XS1iI1bocyLDDV6Yf9EPonyazad0Y26wWrny1_L2NwnBRzfcvw_z-7XEalZvV4_DbgffZ2ueHmxfYQ9RF2uz2mlVKNk9LEc9t4uDwjMzdVf2cr-8K2gyy-jO7Tn6eJG_HjJwOtd-aABkEBOJM6qodu9qHXa_L8nz4cDJoudv6utt_pVZAknPKMTEFLyhDWhFMQCFhDkDcsCwnFMeCaDKm-Oijjz7fYZ9XMRG-tW77_z-OVBWprivLCG2E-d9_omGRDA.MEUCIBJDpglWV-ky8fgQ785-9glaHKX0WDNgFXUmYb73CGJNAiEAmrCyOWzZl_cwdhJ8HibIRXj8T0F1BAI-9jwnW19NGOk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff865aa9758,0x7ff865aa9768,0x7ff865aa9778
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:2
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:8
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:1
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:1
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:8
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:8
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2592 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:1
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3248 --field-trial-handle=1828,i,5234837199518189360,12224141959038329907,131072 /prefetch:1
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1216

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
19KB

MD5
9b2d198616db6bb2a75198d2ddc4fa5a

SHA1
c711151621dc2d702596576e6e5d200cd0cbb7a8

SHA256
6b429d70aefa1b20f85df62677373839c98d16d6c347c8cf0c27392e6e69c535

SHA512
7400602c7c820c4848f7f23d751328e6935c9fbacab9cb067e81f6d16ec9d503c98ea7a932e4be0ccac502bf8c40496fcc6f000fdbd7000314479447922f2ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
a0fcef6824871b4d2ee36e809a9ae7b0

SHA1
c8014c3122415c41c3efa2f77b9e849cbc3ac73f

SHA256
488413e7a58ba1a60217225eb30f3063268d64768358ed95cbadbb72a9809983

SHA512
21edc0af1aecf765554ce9fbca1a023e59e04d1f70eaf31aecaa7759afd9a2df5343117f1c7ef3e420c3369e88d2ad460739c58caf5ba0c871cab2f5287016db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
1bff9a45945ceaf8a182962cfe5ed302

SHA1
9fbcc4631cf03478274c95ec0428629a4e1e95e1

SHA256
f01d61de8720c231505639c2c4f54104515ac87e59fa4d955883440ce3f3ac37

SHA512
e098a213ad0a4c909a3c54e252f7c986540f085ceb89a9fe224e1e6d68962446f84c73d68779b20cffd8eb46c5a0c3b36a6879c2f0be25e5dea4f4a2b0431d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c1e14115e49cfb791223f7f213e0afe3

SHA1
b309f5ec76925433228ce756cf77a8cdc9bdf913

SHA256
2245795f5bd7a81d6b779f1e927c51893e3aecb67d16720f531aa9c50c5ab2a7

SHA512
9d49cfb5596081983741b78d62e7f46be665ea2823926e7bf27490e5eebbc1cec2981a3b9051b9276f4bcb1af2426ea7ec38a1921ad9ed1fa927a0085888494d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
0e62bf7ede77116d3334401f53427b21

SHA1
eb9c6bd745ed137f3983d7ca400982bc3c864232

SHA256
dab1c64d5b95b878a191e5efcb2181c040f08eedba72d6eeebb7c0937e3681bf

SHA512
60039617bc7c6722f87d1ed7cb838181779e5180af72cbbd22439d271ce9199d1108276374ec48b7e3b590b3c56cee82b385a82e784e2b2aa440278973132eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ee8a5d6795768ba71e02fd2a46243cbc

SHA1
0ef2cf30ae3a5fe7e4d9cf2efdf4ce7f1c7a0a94

SHA256
dce863b26cd6265ba502684ff2d4aa094dcdd95e7fa82b551aafb237443ae54e

SHA512
0912079a5c0bf7d351099556646d6f6d2be0282812f14ef9fb00abab620a62ceb59cba5a02ed532d8079499be2b5f818b08bcbb96d88b726f0e1a5d59ea88abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6ebf64dd9349f427b674a19a51e94c47

SHA1
b95b9f5138b17464b6f245e15670b251a858fcb6

SHA256
46a22da3a37a9e833e487b1fb183822822b18c2e4ed4f7f3cac568223a2d1783

SHA512
8a06f02f2d6019470da9d234df4973a014296d3b32b55215651b84bf5ca644baba15fb9e2097e127b60968fe03bc9d9da3bcd85bbe8cecba6b5d2a7ebe8da902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ef327624fdfd0f258cd9162de26d9819

SHA1
fca6dc9a75878da83732d2dcddf851f0a2ad81b0

SHA256
649ee4802aad2a9240ee4f6647e7e6b292ba541fd2d6bfcf07e382a22281bf45

SHA512
2db774d2ba0dd16f627e90791268b6d5f5abc490cfbbf04cfd99b2a1ca107b2811bc8c8f4275c4648e41dae0bd8f6a9337fa4bd38dce9eee99c74f4d9a65cb67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f7a2e3924f55aea29c9a59c5337e7280

SHA1
bcfbbc8d2c41c41fb13a33c57416c8b609a2b79d

SHA256
0ccb213ad1089685ae5f6c72b29f10f7365a5a11357ec17c20d429861c07a155

SHA512
15558c0cb1fe47b608541e831fe2eaf63161c1f6b918892cb170e938048cd4d8f184d14d5521db22d68ec013d54e32f4563501efaf7004d1ccd7bf7685479657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
292c4e8695a597b9819545700986dd41

SHA1
47f2bd36e91ef5b008ef40af4e65e9b6e97a2bdd

SHA256
a26e51a922a3ce7bb57d07fec9e892767b6c93adb5ab8614f74fa36c34a7322f

SHA512
f681a92e94bd26f4002f9b3cfca971369aba65166fdff48b28f527e078e31801c7101c122d009080ee5da766b3155e869b226d4cdc8d9b0b569b570d0679b29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a2b0696954e098183fd6936d9b9ea26f

SHA1
26f6c4b1864ff51a95678b522bd4eddc3f33a29d

SHA256
551ca4e081adf5eed1bf9d25050b1e4d8b5c047abdebb292007edd4edc359a54

SHA512
b70364985c37ea2a9ee0e1d22e05588b852b11c6e4d81db50fce381b94625cfb80a7137b9328a71500cacfae22f9fc38674eed0272e8769396f29154c79fc68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b74cc2a2f6a6141e6f9548c6fa066ca8

SHA1
97b99b41ef1a719cde915d867c3b94a21e26f6b1

SHA256
bb654d7d45ce38bd7dfe6df3f17fc72a94ba2b1d06d768f55ccc208e99207231

SHA512
ea25b8536f16e382a00396ec64437cb4b01ec0d22beb3641a1dde2f876243d626f54fb7dfb0a37ec60ef42609e76308eecea6107f3c668ab6f38e8d0ecc15c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
3126d9dc4dc694612adfc19ff0f61d92

SHA1
58ed01c2ab54d3c3a8cccdf3ae2cdbbc9d111516

SHA256
797f266e3d9b3cc7524e5ce2db500dc6f1373b3edb86809908ffea9fc36495a4

SHA512
2b756daec876eee9e4d6be86278f2e938b31dcffa7b6f3855ac01b3e70132fe292f58ec073a431d8c9342c54a5a456e31c3cc076e8217114444f57c9494bc224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
58cb7fdc1336675850b95a8e2bd05d94

SHA1
24dde90395f063908b446714f24b96616f8d25d2

SHA256
87305bc83e91250ddd1b427a97bc818a0789b02d66fd0d15d3a4731b3aa01b27

SHA512
4a2a6ae134506356833b14f63dbc7127b628a705bc0789264823cfc55d4fc33d0f228b6edefe9cd7cb402ef247947f52792d9d6b705aca79d8f3564d3ce8f4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
46089321c1e55e76ebc89be2f4c5bae3

SHA1
9308dec273c5dc70ce2e7ae8b6a7149f26d3019e

SHA256
509fc5456932bd07386723030a7c680cac9d09889d0e835f3d6c38b5d9f7727c

SHA512
bc714e3cdb035c05d71b0fe0b5816ff337e0a9d8b7619568f4283f141eb84b10c6b864eb86cfdd2269f18800d7c3c744c9534b81902732236fe4183e5cc3fe7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
47dcb60a2402fdede4be10abc7d28114

SHA1
49854a4b4e5d06c868485088b30a56798f508d7c

SHA256
06cfd7cd7b72f975f3c59d22932b73efa2a03f529081ee22b41102b9d02e4ee7

SHA512
61ad4596bd912fbc363326ca0b881a12c1a93378e91842d317d2098e7eb958514f8a0690c22f6eb01bd5053296817c87347d09670be8850129b063e3dc11c5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
154KB

MD5
0d21b447582ee120d89f2e3e6ca5ddff

SHA1
027d5f74355617129c3c25ceb63b03873cf34013

SHA256
1ffa3a1e95ec566636e379148f6935b06363863afea99fa9573b8e550f2f2699

SHA512
cd77c728acd1b258353db4741b3b17df553553d65986e12ad3d8eedf8f0a223067fcb9fa317c0027fa5286d7565eb66c399a307a56accddc7032fb03aa4d625a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
154KB

MD5
b7c424b3a4c343f6deac9f163149be68

SHA1
4fd409102ac86623371e7fb4c3cfac2305fb367b

SHA256
a906138a96fa37ec4254cbd3adeda3745bb8671c6cf8f9f71b3a9bccadbe6100

SHA512
360360ad270d1889362ef7502bfa30e40101fa46d3f4627ad6a117ea45436bfa91c5f6a828a4d53010c38073bc6366f7a6f2a98b3b0fd15ff353dd9903510a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
5865812d29fc77a984216ec9ce07494c

SHA1
f68bb208c958ceb86ced448059cc9ce33689b7f4

SHA256
7ce9190d3af2174190843d0ddcca64a435aec1a18d5c8552a4a204077a97cf02

SHA512
106be5e5684d097b95e8106df21e90caf01fd605ecdbc33b3385d741f3c88e1df83e1bd195e7fc3899115f52a8fb6ae233445d57959c5b29bc84f3d9bd1fdac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591275.TMP
Filesize
102KB

MD5
07e762d01f0a8a64362e782b0fa79585

SHA1
097281468f4b5d63acf864dc1647cf2897231af0

SHA256
7dd05b4a81faff0bb30a7924263e16d434cd77ba4397e913abfe7a4343234623

SHA512
e7844f2e0948003a786355dac94dfa40ce3d5cc1fb988293a1e716a0038c9a268f5e7da34ad4f7b38c9cb08e412d87027d08e7fd7d533ce4786c59c6422c19dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4596_UPLNCWVPBPTJWDJA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit