hxxp://trk[.]strandbags[.]com[.]au/ls/click?upn=UgqV44TiQSy0ypM6fwp4JjsldDhOsRptukj3IX9j3zi92H8YDfFS-2FFGemqjMVTm29GHeeiU6VaTLyejbQ-2FRew4Y0hvexNUAF4ccsOB-2BVlAh8HXuoiAonjIWPln0W9Lb14fIHuD-2BZngxvkdul4x3dERi4hM3gRpxQH5j9o50DNBgGAvswRc7Z8N8haBvPEzUjJEAvP-2BQlp-2Fnc92ysz755XqIFqovCla3sIsSlsKaAeBJLzkW5LG5Tad5qUlylW8YFYb-2FJ5SPOSraKs5-2FN-2BrR9bk5bsJxW6AP8yLCbONrPo4OyIWJKDd2LnHe8O3Y95q-2FjON98n-2FASYSEUL96MiN2uHhD9o-2BhxGc7AIW-2FgmygOv28-3DR0RQ_xPk8ue-2F-2FtXt7n2KbxBHui8BECXy65Q2FzD6SnjcsNz7jchbw6zpsJd7UWx0aRqASzltxppRrJNxhB0LYSqDihD0T8Ips1Tz8Liz5rBRPywi6tDIVU7akLBNhmAb4Mapo66H9I3pBMlgEUEQFLM7JDRm1nIfxT-2FdlBwW-2FSD5W1a7H-2BGPvqzI8DWMNnsTJhHmPzxwyqE-2BdZRHBZJUjhiVz8LSDUkRPfiFpbZYW9ppuWfxlH8M1sPhKy1o-2FPgJsWS9hv5n7UHuLQRewibQdOsb9eBf-2BAFfqzJX8hURB-2F1Y35fdkSiWbkIQ7nN60iigXQOJyHfYpt5ujuaD-2B7mm9thnHsYS-2FfwtO-2FPKSNMHYSfEgU7t7hfMCdVow1UNIWwbUDJr8CBkTfTfGlo6f1FJEE-2FBFTXd4b8PaClDbZMcxlYx1R1JYl8rrM-2B-2FjTbZHSexXaM0z8yjt86Iz6Astq3B8-2FDegH-2FVrrB0-2FUIN7i5iM91NDG7c-3D

Analysis

max time kernel
60s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://trk.strandbags.com.au/ls/click?upn=UgqV44TiQSy0ypM6fwp4JjsldDhOsRptukj3IX9j3zi92H8YDfFS-2FFGemqjMVTm29GHeeiU6VaTLyejbQ-2FRew4Y0hvexNUAF4ccsOB-2BVlAh8HXuoiAonjIWPln0W9Lb14fIHuD-2BZngxvkdul4x3dERi4hM3gRpxQH5j9o50DNBgGAvswRc7Z8N8haBvPEzUjJEAvP-2BQlp-2Fnc92ysz755XqIFqovCla3sIsSlsKaAeBJLzkW5LG5Tad5qUlylW8YFYb-2FJ5SPOSraKs5-2FN-2BrR9bk5bsJxW6AP8yLCbONrPo4OyIWJKDd2LnHe8O3Y95q-2FjON98n-2FASYSEUL96MiN2uHhD9o-2BhxGc7AIW-2FgmygOv28-3DR0RQ_xPk8ue-2F-2FtXt7n2KbxBHui8BECXy65Q2FzD6SnjcsNz7jchbw6zpsJd7UWx0aRqASzltxppRrJNxhB0LYSqDihD0T8Ips1Tz8Liz5rBRPywi6tDIVU7akLBNhmAb4Mapo66H9I3pBMlgEUEQFLM7JDRm1nIfxT-2FdlBwW-2FSD5W1a7H-2BGPvqzI8DWMNnsTJhHmPzxwyqE-2BdZRHBZJUjhiVz8LSDUkRPfiFpbZYW9ppuWfxlH8M1sPhKy1o-2FPgJsWS9hv5n7UHuLQRewibQdOsb9eBf-2BAFfqzJX8hURB-2F1Y35fdkSiWbkIQ7nN60iigXQOJyHfYpt5ujuaD-2B7mm9thnHsYS-2FfwtO-2FPKSNMHYSfEgU7t7hfMCdVow1UNIWwbUDJr8CBkTfTfGlo6f1FJEE-2FBFTXd4b8PaClDbZMcxlYx1R1JYl8rrM-2B-2FjTbZHSexXaM0z8yjt86Iz6Astq3B8-2FDegH-2FVrrB0-2FUIN7i5iM91NDG7c-3D

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
205	api.ipify.org
207	api.ipify.org

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367083737826393"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe
Token: SeShutdownPrivilege	3336	chrome.exe
Token: SeCreatePagefilePrivilege	3336	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe
3336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 1476	3336	chrome.exe	77
PID 3336 wrote to memory of 1476	3336	chrome.exe	77
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 5064	3336	chrome.exe	83
PID 3336 wrote to memory of 2880	3336	chrome.exe	84
PID 3336 wrote to memory of 2880	3336	chrome.exe	84
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85
PID 3336 wrote to memory of 3084	3336	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://trk.strandbags.com.au/ls/click?upn=UgqV44TiQSy0ypM6fwp4JjsldDhOsRptukj3IX9j3zi92H8YDfFS-2FFGemqjMVTm29GHeeiU6VaTLyejbQ-2FRew4Y0hvexNUAF4ccsOB-2BVlAh8HXuoiAonjIWPln0W9Lb14fIHuD-2BZngxvkdul4x3dERi4hM3gRpxQH5j9o50DNBgGAvswRc7Z8N8haBvPEzUjJEAvP-2BQlp-2Fnc92ysz755XqIFqovCla3sIsSlsKaAeBJLzkW5LG5Tad5qUlylW8YFYb-2FJ5SPOSraKs5-2FN-2BrR9bk5bsJxW6AP8yLCbONrPo4OyIWJKDd2LnHe8O3Y95q-2FjON98n-2FASYSEUL96MiN2uHhD9o-2BhxGc7AIW-2FgmygOv28-3DR0RQ_xPk8ue-2F-2FtXt7n2KbxBHui8BECXy65Q2FzD6SnjcsNz7jchbw6zpsJd7UWx0aRqASzltxppRrJNxhB0LYSqDihD0T8Ips1Tz8Liz5rBRPywi6tDIVU7akLBNhmAb4Mapo66H9I3pBMlgEUEQFLM7JDRm1nIfxT-2FdlBwW-2FSD5W1a7H-2BGPvqzI8DWMNnsTJhHmPzxwyqE-2BdZRHBZJUjhiVz8LSDUkRPfiFpbZYW9ppuWfxlH8M1sPhKy1o-2FPgJsWS9hv5n7UHuLQRewibQdOsb9eBf-2BAFfqzJX8hURB-2F1Y35fdkSiWbkIQ7nN60iigXQOJyHfYpt5ujuaD-2B7mm9thnHsYS-2FfwtO-2FPKSNMHYSfEgU7t7hfMCdVow1UNIWwbUDJr8CBkTfTfGlo6f1FJEE-2FBFTXd4b8PaClDbZMcxlYx1R1JYl8rrM-2B-2FjTbZHSexXaM0z8yjt86Iz6Astq3B8-2FDegH-2FVrrB0-2FUIN7i5iM91NDG7c-3D
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fff3af69758,0x7fff3af69768,0x7fff3af69778
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4684 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2908 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5264 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5404 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5088 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5472 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4936 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=824 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5220 --field-trial-handle=1816,i,7930285968178548843,7053340198002215469,131072 /prefetch:1
  2⤵
  PID:4312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
21KB

MD5
fa2b224c1ed8ee47e3001284e963e2cf

SHA1
12361b55e7d5297c0731f29b1d3b7f81926ace7f

SHA256
4f7232d3ccc7ecafdaac4dc5755e2af24a51a8880b41bf721fb8c386180f4e97

SHA512
ccb63a541e1f91a894511da5db93ae6b7a43b7c6702f2578b9559a0e887512ff6953f75018f851e5fb4f40c2cbfe009259220ff0cb8bb883cba629b1025d7f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
592e5b85c595802754ea1ab1b2cd2886

SHA1
e66a40a9d3405f6f78d9c47e65939e384f9e00d4

SHA256
c81ddff2d6f4da447a4563f4647b81b55d1c04216336491f0d7c3ad2f7fb96a0

SHA512
785bfc4c2f65b49dcdcd817d9c8938f815bf4fdeb403521698c1f67f8d2dbd47f55d13a82d6ac97804600af2f09ae39843b827aee8ef3679003b75e60a55dd0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\60defd90-61a4-4f33-a352-a4b7db38b835.tmp

Filesize
4KB

MD5
59626ab6473c3c242adc4462d508d294

SHA1
146d91ecd4faaed78d9e4eecdac3cd0f2e44ca49

SHA256
3940978ef7da7914111c4ccf998af55b63cb151cd9f3a3ce460de2f16b381def

SHA512
fc54d8bb782c5b22097208049418d70f33c4f41e3213a2f04f4262508a118f4bbf0cbbe9b0663b81d385a14e45a0149ecf69234679e58523c703702094ba3e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cbb9385db52a1611cdb9129de99b6057

SHA1
3bf910d6d5223bf3f8746d3b8bb9560b701f70bf

SHA256
6cb0c6f5455b24ab51ad6fbe5f877f09e8c0f48cf73afb724318cf73039793f9

SHA512
e278f37f8456fa2b045f4b386b475121abc123afca70356204a76d97e8bf89d823aae555c2ad061ca00e94beb72167431f034f56abc3c64614fb7efc72b80318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8e000ea277d1ec697f1abc7b50423a62

SHA1
11633911d7b70687571aded624f6a7e81e749564

SHA256
a50adc6e0ce354f7e995f0ac5caa2d1882ea4cb2556b7515abfa3eadf42b12cc

SHA512
8ff3ffe9f97c335391e0c481c47d101d5bd4cb83e91c2368365742ac3381043e1ff56f36f6a6f40267e8bb468c74c409a486f06c6c3267c61db75ff751e5c482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e005bc787b6538726230ee5c85ab7a88

SHA1
21bfbea7c5ae4ae048a60501be716e050bec1ea6

SHA256
af9e1e7903bb45d1b4cbeb828f229cff9c2ba65393d2061bcca77842b7bd88b8

SHA512
22e816a571589ed6b9bf3ff5edacd0d82a8066948373b3e49262ecc72d146c7be3025d628848bf7fa4bcad61ab7990fb8d2c2b1013b6169cce74a6053f705269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9833708855ba4e5cd7d8a4359af8589

SHA1
f2c999777b23d802d8cbc05de4155c9453ab9621

SHA256
988dd92042d021348d2baf46911742f65a020f3063663bd3d684d533e627e2b2

SHA512
f185ffe3a8dfa14ca2fb7c72496b49915d35d4d7f9166b49e3de80972bd60a7531b04e86361d6552e185a40faa5e1c291ce03bd88d10043590dd1162be32c7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6a65a6ba7bfd4cfe1c08e25605e45951470ebc66\index.txt

Filesize
125B

MD5
cd5dca70673d8ce8794b074d9a1d7c54

SHA1
cbd353bfa85662ad12f7361b9e277dbd20b089a5

SHA256
aa1ddc534e8c3efbfee43366377c631e6e0edf729141e86c5401d9a44feb8771

SHA512
c85ff536b9a302f6ff558301a3999361b42970cda7d2a6e07a092ded34738e2d79bc182f3e7e190747e6927df508da4472aecf953b30e81b7320fa53a84a0a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\6a65a6ba7bfd4cfe1c08e25605e45951470ebc66\index.txt~RFe57d5af.TMP

Filesize
132B

MD5
6cf7aca6bdf00dc374d7d1cd1b05df7b

SHA1
f84db0ee31d6261bb2ff77cf17963678e5e2aff0

SHA256
33b0fd30eb21f7d22d1de8cf8aa0e04cae9219149b5dedbbf3b9b4839f7c07a1

SHA512
0b0fe71bffb039ccea9bc9a6b9fb0e27a7603701ad63c62b45f0bceff0354c877093e4aef707e3fd11b8c1f998152fd6eb4381142b5ef952a7974729aa812480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
1d91a0759e10fbb4f935eaa4324ccc2b

SHA1
08246856b405e3d2e8c6c06940f80f485afd580e

SHA256
97ea1cec0b2ca1ab70cdb14b7de4f33a671452f80d3dfbbfebd6befa5c19fca2

SHA512
152d622f199948c3ae39264de2ddf6a53b0870c4431ebcb3ec13215607d54eaf6d8047c987b6b14cc325fb95ca3ac5b8bb20a65630e503e3613ac49e762e3011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit