hxxps://accounts[.]snapchat[.]com/accounts/confirm_email?notMyAccount=true&n=agnF1jU3WcoE-kEi6ULxLg&source=welcome

Resubmissions

28/08/2023, 10:49

230828-mw2ymsac45 3

28/08/2023, 10:40

230828-mqt1vach8v 1

Analysis

max time kernel
529s
max time network
532s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://accounts.snapchat.com/accounts/confirm_email?notMyAccount=true&n=agnF1jU3WcoE-kEi6ULxLg&source=welcome

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133376928541627109"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe
556	chrome.exe
556	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe
Token: SeShutdownPrivilege	3032	chrome.exe
Token: SeCreatePagefilePrivilege	3032	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe
3032	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1604	3032	chrome.exe	66
PID 3032 wrote to memory of 1604	3032	chrome.exe	66
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1944	3032	chrome.exe	84
PID 3032 wrote to memory of 1008	3032	chrome.exe	86
PID 3032 wrote to memory of 1008	3032	chrome.exe	86
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85
PID 3032 wrote to memory of 4684	3032	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://accounts.snapchat.com/accounts/confirm_email?notMyAccount=true&n=agnF1jU3WcoE-kEi6ULxLg&source=welcome
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05659758,0x7ffa05659768,0x7ffa05659778
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:2
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4896 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2688 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4048 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2924 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4172 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4804 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3156 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4172 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4044 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3716 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4004 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3260 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1960 --field-trial-handle=1872,i,17382697471372811866,14487262171218262845,131072 /prefetch:1
  2⤵
  PID:3084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65fbcdbbcdd49b2d0a28a91c6a23f307

SHA1
627c2d0c8b22409aee60d3d07286cc59f120dfd6

SHA256
3482806bdaa1fc8413044d3cf15c95a78ac9abfaa8a7b4cce9a2c7d188227e7f

SHA512
516588b8fbea9ce96971d267ad29f232d8ac85c5a31045eeb8a57cb94ba22b7344cf3c2d0b0752e01527b9260144ec6206dbffd81beef91f5f386ef376820667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cba49e8331c0a005ad804e8014d051cf

SHA1
93b8792365f7dcbfc276016435e77a0ed4bdeed3

SHA256
c78d16977ce29714a9a024b7874eebb7b233f5f550ecba7dd142cbf54720a1e4

SHA512
aea194a2a38514540ab0126b35a233f47425e09301c4c195d5dd9cbe7dc94a371e4a527275ed7fbd7591e53652705cb4f269b1b1fcfcc884044303a212ff0f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c71f0a4dda6ccee066360a0e0223873

SHA1
ab371f53fb62127c7c77ace4fe14f52f6dff3fcf

SHA256
93c24152068c84cb7f478f3c18d1c8c319fc4ff856b23a2d893205e786c77dda

SHA512
180848e94416a0b3c90bd33c7a4f8f6f553c9d196df46075ccefb069e323aa40b39db7174690f6f5e070750f2ed398692c9acf33fbeba0a374d2374349cbfd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
566493a9b9e5f514fedee52992ede659

SHA1
5f7172de0d2595559f158b17af8af11110e6df1e

SHA256
73597fc34ab18cb772b062e8396875ff5826e40c970d18975a5c379937c49abc

SHA512
2938ed8071988d05e47f96816a4e1f691a519e6e77135f02115df052c5f5f2efd2260d91eef5a13e8cd1cd57d9915c7307f0c8ba62190b9983188c2b5f8fd07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
43c1634f4b516e0a18fe23881debb7cf

SHA1
3009fc095476f43324a14889dbe896a8085ac116

SHA256
a50410a8683b0ad13ae0bd29fc5306d0132fac73ab88bae8497c46dbcd4ab316

SHA512
6fc5369b60d1bf24f4d7a8418dfe8f6ba8f5552c0393b4098d1b6f1930fa72de19d4b25d2cb84812345bbb80bf79b0fd8c84bfb459ed690138b5338ba0bb04a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit