hxxps://ppencrypt[.]blob[.]core[.]windows[.]net/ppmoreinformation/ProofpointEncryptionMoreInformation[.]htm

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ppencrypt.blob.core.windows.net/ppmoreinformation/ProofpointEncryptionMoreInformation.htm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328830088987707"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4520	OpenWith.exe
4520	OpenWith.exe
4520	OpenWith.exe
4520	OpenWith.exe
4520	OpenWith.exe
4520	OpenWith.exe
4520	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3684	4796	chrome.exe	87
PID 4796 wrote to memory of 3684	4796	chrome.exe	87
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 212	4796	chrome.exe	88
PID 4796 wrote to memory of 3988	4796	chrome.exe	89
PID 4796 wrote to memory of 3988	4796	chrome.exe	89
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90
PID 4796 wrote to memory of 4312	4796	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ppencrypt.blob.core.windows.net/ppmoreinformation/ProofpointEncryptionMoreInformation.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff153d9758,0x7fff153d9768,0x7fff153d9778
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:2
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1660 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3180 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:1
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5304 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5480 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=1780,i,543178776747642582,10295478342863520291,131072 /prefetch:8
  2⤵
  PID:1412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1644

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
  2⤵
  PID:2096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff153d9758,0x7fff153d9768,0x7fff153d9778
    3⤵
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
30c8f6f3f0969a7fe5389ae215cf4c60

SHA1
bb5b1f9e19612588deaf6e9f297defb3049c02de

SHA256
abf5d86e6c69fdf81cd65d86ac9e8ec0103df5a1b60ab7be04b0babf87cddefa

SHA512
a186a00ec9fb9730979211b7534c5c157765e453f68182729dd906e309bda2ab595a826488d1190cd6d54519ae8fa4280b0814ec9e97b3f1d0c95db097348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
30c8f6f3f0969a7fe5389ae215cf4c60

SHA1
bb5b1f9e19612588deaf6e9f297defb3049c02de

SHA256
abf5d86e6c69fdf81cd65d86ac9e8ec0103df5a1b60ab7be04b0babf87cddefa

SHA512
a186a00ec9fb9730979211b7534c5c157765e453f68182729dd906e309bda2ab595a826488d1190cd6d54519ae8fa4280b0814ec9e97b3f1d0c95db097348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
30c8f6f3f0969a7fe5389ae215cf4c60

SHA1
bb5b1f9e19612588deaf6e9f297defb3049c02de

SHA256
abf5d86e6c69fdf81cd65d86ac9e8ec0103df5a1b60ab7be04b0babf87cddefa

SHA512
a186a00ec9fb9730979211b7534c5c157765e453f68182729dd906e309bda2ab595a826488d1190cd6d54519ae8fa4280b0814ec9e97b3f1d0c95db097348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59f6faf8ccc364ff0f6ab3b22abd01f3

SHA1
ec6617056bc527a5c8d9da1a43d7674f650728b9

SHA256
962ff3802420090f0f3a78732c1b5b6817919bd060dd3123665c4a799812bc66

SHA512
1c7ffab0dca910fb2d03ee4bf611a65031d2cecd8d8180b0128741a2fbabbc516ee4abb7b1032e5c7bdc5810cdb9aeaa3df5dc1f5d356039380f42bdc3e4ae97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
17e666489c3fef99122b85c3455e5a69

SHA1
bba195e50c135df653cd472989f6d497775526a3

SHA256
3825b246a31ada8a83a501b7ee3a00633853079ee3659a85d30988b08c4da79b

SHA512
40e39d7ee5b3c30f17f5c52e1639bee46eb4385d390c5f53077215b6897169d6f93de711e61ea87e661a314bef265a2cd29945a4d9fa90e4c2304bb6a03a50b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ff1d826a65a7b5a6396f390086fa2a07

SHA1
7f1fca4ca0cba793521e70b500ea1dee5c27a368

SHA256
c36ed2a7ee4f6ba8b9cc41c7c7b99c71d2dc3eddfc3f91854df15d0bf6e194a5

SHA512
5d58d20af9aee918e1c6c01178abb70f607016519b3d4f5ca8a196f7ab695319bcd2a3492d4ee37162707bef81ff450806ee5a444230879ae73fbc8f86754976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a44872c54b18dd7df7aff925d34764ee

SHA1
cb23acddc0265d5f0972a62c3f7b6b9461d2b1e6

SHA256
f614ab13deaf4059899675050404afd83c1b90e8673e44aa42ef04254a11d9c5

SHA512
cfcd459e737bec4c61cf0fb7eeac0036d1ac124d2b3646bb8e22f445ce7697d65736396c2b82129cafc1a16b75a248f807d455bb5863927ff7389a86fc4e8d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc60561ce0ae61aac81d689a6db90938

SHA1
4ee71447d4f32a90edecbc9bdb40e87b70e76e5c

SHA256
1abf42d56d8a6626805e5a933c7acec503c00a62d21f90b00fb836b93f53119b

SHA512
48e347d4209d4951fd26a7fd4ac0822cbf648c6ca580c7db8f834086fca688fa1633260b78ffd92b59e616121c4f503ab82877a3c882e55f98124c2187610c4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4d2028309cb2ed329255d53819716125

SHA1
d8869bf21716f73059a031339f2c3d02ee868d02

SHA256
1223216f67a8c89b4e89857c943ff9f7433b82c7974fa47e09793dc50429a3e8

SHA512
358f696ab984ac3edb4eef5c567c0849e3bea701ce11b229459a35b66cccf6c3a92f13ff8e4ed524e62f946c8fb51d0dd7e91b4eb0938440c5396fb5eed55413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f172c8de0655e64758694d9d40624ef2

SHA1
333d0cb80c330c0cabeb0f97f22b954e166e961f

SHA256
a0096f8f19be58107150cacadd85e7e81281bcefdfbefd37a3ce7e0814c216a9

SHA512
2538a8226c33c96bea9e0b0161830a3997fc23c15e429b455bde3937d0152d02d6e579bcbad8cd8839970d89366aecb87ee5de73106d4ceb5c6e899ee2bf3b28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
15da94708a5ea545ed370b2c118677b0

SHA1
914c26c746461c557d56b7b41050609f60a66264

SHA256
a325042b6bb37c473814fb809ad2d85ea2178cb601968e65b7ed804382abde11

SHA512
d5a3eb439e0136419677c4147463610ca349609fdf600761ef066a0daf6a2ed055f16ed50cbebb15e4a2d64a7db2f6e4baceadf539bdb67108ebe504405ece19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
7f07fe1b629cc1300bf25e6901507334

SHA1
1d73482ed99c2f01de04343c892e00b2a425ab75

SHA256
4dc0e9937c035f33ad06be5b6c59758d61921fe12349677bfa670dd5b949fe62

SHA512
be020f7337fe7868ee928a597b37919a992879989c7ca0c664a8d6603521a8a67b1b251debe39d0e0255f47e919a84914c0e6574ae4de8f0ca831ee4c3544dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
1fa478a63d65bbdab24cbc7e858e0fb3

SHA1
e44c7f5c8eb25612e708244bc1456f30f4c70ea4

SHA256
6dcc728fce80998bdee331dc0a346c5a6027890c43a13b4be113d8a80fd15ccf

SHA512
798c4e8adad3362d0da05ecf36fee54bdb8a41e28d6773490f1553c0a614b7ba28c7cd2701edef88f0f8e321980062150c1ec1c5e0426a47b0adc9bbe5bbfc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586c42.TMP

Filesize
96KB

MD5
d34e0c34a3795021856803b18fab1fa7

SHA1
609570e831ccf0d9cc3ecd0a594715775095d358

SHA256
d52ecc43b87e7d44c6959052efd1bb135267705781d1a2b5b366107ba43d5d9d

SHA512
08094234cd8bac1c4853d2e138c6ddf5cc164659b2b516dff06e29a4869a02e213e322ccef04b97278e04d6900737441bd257da938ba2701ad2462e2e782780d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit