Malware Analysis Report

2025-01-19 03:59

Sample ID 231102-dncjcafe8y
Target https://eu-west-1.protection.sophos.com/?d=googleadservices.com&u=aHR0cHM6Ly93d3cuZ29vZ2xlYWRzZXJ2aWNlcy5jb20vcGFnZWFkL2FjbGs_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&i=NjIyZjg4YWI3MTEzNWExZDJmZmMyZjIy&t=SXdZRWFMYU1YVzhQUStTVnkyN3NTWHNOTFRUQVVaNWUrejRNM1JwdjNYQT0=&h=0d2ba50ee1ce4bb3b28df66b2327226b&s=AVNPUEhUT0NFTkNSWVBUSVYoSXDTdKARlmWNTkxCAx2IC21TilHSccTfEXyO9PfNkmO7pqI_2ufXs8XSRx0s9sxfYN3JeFIaczo3bA7S77BhHqmuBUyGQWWdtWkzn9j-RAkse202nP64ovC2-5hLnYw
Tags
phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://eu-west-1.protection.sophos.com/?d=googleadservices.com&u=aHR0cHM6Ly93d3cuZ29vZ2xlYWRzZXJ2aWNlcy5jb20vcGFnZWFkL2FjbGs_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&i=NjIyZjg4YWI3MTEzNWExZDJmZmMyZjIy&t=SXdZRWFMYU1YVzhQUStTVnkyN3NTWHNOTFRUQVVaNWUrejRNM1JwdjNYQT0=&h=0d2ba50ee1ce4bb3b28df66b2327226b&s=AVNPUEhUT0NFTkNSWVBUSVYoSXDTdKARlmWNTkxCAx2IC21TilHSccTfEXyO9PfNkmO7pqI_2ufXs8XSRx0s9sxfYN3JeFIaczo3bA7S77BhHqmuBUyGQWWdtWkzn9j-RAkse202nP64ovC2-5hLnYw was found to be: Known bad. It is a Sophos time-of-click URL-protection rewrite (eu-west-1.protection.sophos.com) of a googleadservices.com click-tracking link whose adurl= destination is a page served from the ipfs.io IPFS gateway; the full command line is given under Processes and the contacted hosts under Network.

Malicious Activity Summary

phishing

Detected phishing page

Looks up external IP address via web service

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Reading the list: the sample is a URL, so every process in the behavioral run is chrome.exe, and the verdict rests on the first two entries, the phishing-page detection and the external-IP lookup against ipinfo.io (phishing kits commonly query such a service before rendering the form, to geofence and to log the victim). The rest is the browser's own startup and is expected for any URL opened in this image: the WriteProcessMemory, AdjustPrivilegeToken, FindShellTrayWindow and SendNotifyMessage hits all name chrome.exe as the acting process (and, for WriteProcessMemory, as the target too), which is the browser process, PID 2912, launching the --type=gpu-process, utility and renderer children listed under Processes; NtCreateUserProcessBlockNonMicrosoftBinary is Chrome's own child-process mitigation that refuses to load non-Microsoft DLLs into those children; the BIOS SystemManufacturer and SystemProductName reads are part of Chrome's GPU and crash-reporting setup; and the single HKEY_USERS write is a TPM telemetry timestamp under the LOCAL SERVICE hive (S-1-5-19). None of these involve anything the page dropped or executed.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-02 03:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-02 03:08

Reported

2023-11-02 03:11

Platform

win10v2004-20231020-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://eu-west-1.protection.sophos.com/?d=googleadservices.com&u=aHR0cHM6Ly93d3cuZ29vZ2xlYWRzZXJ2aWNlcy5jb20vcGFnZWFkL2FjbGs_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&i=NjIyZjg4YWI3MTEzNWExZDJmZmMyZjIy&t=SXdZRWFMYU1YVzhQUStTVnkyN3NTWHNOTFRUQVVaNWUrejRNM1JwdjNYQT0=&h=0d2ba50ee1ce4bb3b28df66b2327226b&s=AVNPUEhUT0NFTkNSWVBUSVYoSXDTdKARlmWNTkxCAx2IC21TilHSccTfEXyO9PfNkmO7pqI_2ufXs8XSRx0s9sxfYN3JeFIaczo3bA7S77BhHqmuBUyGQWWdtWkzn9j-RAkse202nP64ovC2-5hLnYw

Signatures

Detected phishing page

phishing
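Where the detected page lives follows from the submitted URL alone. It is three links deep: a Sophos time-of-click URL-protection wrapper (eu-west-1.protection.sophos.com) carries the original link URL-safe-base64-encoded in its u= parameter; that link is a googleadservices.com/pagead/aclk click-tracking URL whose adurl= parameter is the real destination; and the destination is a page named DestUnivxx.html under an IPFS content identifier (CID) on the ipfs.io gateway. The decoded u= value also ends in a #-fragment that is itself base64 and decodes to a mailbox address, the lure's recipient. A browser keeps a fragment across a redirect whose Location has none, so the kit can pre-fill its login form from it while the address never reaches any server log. The wrapper's i=, t=, h= and s= fields appear to be the rewrite service's own tracking and integrity values and are not needed to recover the link. The decoder below is an added example written for this report, not tooling from the sandbox or from Sophos; it resolves the chain statically (no network access), validates the CID and extracts the fragment. Its input is a constructed wrapper with the same three-hop shape rather than the full URL given under Processes: the CID and page name are the report's, the recipient address is a placeholder, and the constructed wrapper strips base64 padding (the decoder accepts either form).

```python
import base64
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlsplit

# Gateway path form https://<gateway>/ipfs/<cid>/...; the CID itself is validated below.
IPFS_PATH = re.compile(r"^/ipfs/(?P<cid>[A-Za-z0-9]+)")


def b64url_decode(s: str) -> bytes:
    """URL-safe base64 whose '=' padding may have been stripped (as in the u= parameter)."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def unwrap_sophos(url: str) -> str:
    """Hop 1: the Sophos rewrite keeps the original link base64-encoded in u=; i, t, h and s
    are the service's own fields and are not needed to recover it."""
    return b64url_decode(parse_qs(urlsplit(url).query)["u"][0]).decode("utf-8")


def unwrap_google_click(url: str) -> Optional[str]:
    """Hop 2: googleadservices.com/pagead/aclk redirects to its adurl= parameter.
    A browser keeps the fragment across a redirect whose Location has none, so the
    value after '#' travels on to the final page."""
    p = urlsplit(url)
    if not p.hostname or not p.hostname.endswith("googleadservices.com"):
        return None
    adurl = parse_qs(p.query).get("adurl")
    if not adurl:
        return None
    target = adurl[0]
    if p.fragment and "#" not in target:
        target += "#" + p.fragment
    return target


def parse_cid_v1(cid: str) -> dict:
    """Decode a base32 CIDv1 (multibase prefix 'b'): <version><codec><hash-fn><hash-len><digest>.
    The digest is the stable indicator; the same content can be fetched from any gateway."""
    if not cid.startswith("b"):
        raise ValueError("only base32 (multibase 'b') CIDv1 handled here")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    version, codec, hash_fn, hash_len = raw[0], raw[1], raw[2], raw[3]
    digest = raw[4:4 + hash_len]
    if version != 1 or len(digest) != hash_len:
        raise ValueError("malformed CIDv1")
    return {"version": version, "codec": codec, "hash_fn": hash_fn, "digest": digest.hex()}


def follow(url: str) -> dict:
    """Resolve the chain statically (no network) and pull out what is worth hunting on."""
    hops = [url]
    host = urlsplit(url).hostname or ""
    if host.endswith(".protection.sophos.com"):
        hops.append(unwrap_sophos(url))
    nxt = unwrap_google_click(hops[-1])
    if nxt:
        hops.append(nxt)
    final = urlsplit(hops[-1])
    out = {"hops": hops, "final_host": final.hostname, "cid": None, "cid_info": None, "recipient": None}
    m = IPFS_PATH.match(final.path)
    if m:
        out["cid"] = m.group("cid")
        out["cid_info"] = parse_cid_v1(out["cid"])
    if final.fragment:
        try:  # the kit pre-fills its form from a base64 address carried in the fragment
            out["recipient"] = b64url_decode(final.fragment).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            pass
    return out


# Constructed sample with the same three-hop shape as the report's URL: the CID and page
# name are the report's, the recipient is a placeholder, everything else is cut down.
RECIPIENT = "user@example.com"
FINAL = ("https://ipfs.io/ipfs/bafybeidfm7pqqzlgdpxumh26txxgeoz7ap2r62zy72xatgyjw4pj6p6kv4"
         "/DestUnivxx.html?utm_content=params%3Ao%3D1673650")
CLICK = ("https://www.googleadservices.com/pagead/aclk?nis=4&sa=L&adurl=" + quote(FINAL, safe=":/")
         + "#" + base64.b64encode(RECIPIENT.encode()).decode())
WRAPPER = ("https://eu-west-1.protection.sophos.com/?d=googleadservices.com&u="
           + base64.urlsafe_b64encode(CLICK.encode()).decode().rstrip("=")
           + "&i=NjIyZjg4YWI3MTEzNWExZDJmZmMyZjIy&h=0d2ba50ee1ce4bb3b28df66b2327226b")

if __name__ == "__main__":
    result = follow(WRAPPER)
    for n, hop in enumerate(result["hops"]):
        print(f"hop {n}: {hop[:90]}...")
    print("final host:", result["final_host"])
    print("cid:", result["cid"], result["cid_info"])
    print("recipient in fragment:", result["recipient"])
```

Run as a script it prints the three hops, the gateway host, the CID fields and the recipient; on the real sample, pass the full --single-argument value from the Processes section to follow() and compare the recovered recipient with the mailbox the message was delivered to. In the CID, codec 0x70 is dag-pb and hash function 0x12 is sha2-256; that 32-byte digest is the indicator to pivot on, because the same page can be re-served through any other gateway under the same CID.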

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133433681628264941" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 32

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 26

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2912 wrote to memory of 1044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2912 wrote to memory of 3728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 38
PID 2912 wrote to memory of 3456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 2912 wrote to memory of 4032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 22

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://eu-west-1.protection.sophos.com/?d=googleadservices.com&u=aHR0cHM6Ly93d3cuZ29vZ2xlYWRzZXJ2aWNlcy5jb20vcGFnZWFkL2FjbGs_bmlzPTQmc2E9TCZhaT1Dcmk3WV8wSF9aS1RyRmRiamtQSVBxZUdVOEFhaTBmYmVjc3Jhd3VEMEVaaWx0cFdMQXhBQklJSFpfaUZneVFhZ0FiLVhxc0FCeUFFSnFBTUJ5QVBMQktvRXpnRlAwRnJfNzg5OUFXZ1FNRS1kUktEODJQVnFfR3Jpb2JTRTMzYTEtODY3WFRESUgyMXFkZ0lWSlBHaENVcHNWOUNLaFFGMVFRUWFyTXVqWm94OUFuNGp1U2pzd0JaSnFpWjdaaWJUcjVPV25HeUY3VTRiNmJIVkhTNEVuMUw0aGJJbDYwdWpNNFdKUHY3QzgyZkFzNWdWeEpaTEJBc2gzTFlrd2NtUTROV2plZnBYYTYxT3ZMcUN5ZjJkVkRtUEJTRm14WmtGN3g0dm9JTWhndkplbXJMaXRVX1pJX0haVGxKYWxEdTRvVndpNmcyOUZDLXdmblJhckJ6VFhXYzdXLWM4cVpIaVV3c3ZDa3QyX3VtQUQ4QUU4Njc4LWM0RWlBWDdnSy15VEtBR0xvQUhtZXpXMEFPb0I5bTJzUUtvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzZnSG1nYW9CX1BSRzZnSGx0Z2JxQWVxbTdFQ3FBZURyYkVDcUFmX25yRUNxQWZmbjdFQ3FBZktxYkVDcUFmcnBiRUMyQWNBMGdnVUNJQmhFQUVZSHpJQ2lnSTZBb0JBU0wzOXdUcXhDUV9QY2VqNzZya2NnQW9CbUFzQnlBc0JnQXdCMmd3UUNnb1E0THJWOVBfLW8tdFdFZ0lCQTZvTkFsVlR5QTBCdUJQa0E5Z1RETkFWQWZnV0FZQVhBUSZhZT0xJmFzZT0yJmdjbGlkPUVBSWFJUW9iQ2hNSTVPYXE1djZpZ1FNVjFqRkVDQjJwTUFWdUVBRVlBU0FBRWdLVFRQRF9Cd0UmbnVtPTEmY2lkPUNBUVNLUUJwQWxKV1M1azBoVkNYQnpTZjNrMzJHdHBERmloZTRXSm1jZTNYeVVCN0pVOC1pU3QtYUgwakdBRSZzaWc9QU9ENjRfMWVYLTlUaG10Z21mc1pjSm5YTHlZLWZrUzU2USZjbGllbnQ9Y2EtcHViLTk4MTY5NDUyNzA5Mzg5NjkmcmY9MSZuYj05JmFkdXJsPWh0dHBzOi8vaXBmcy5pby9pcGZzL2JhZnliZWlkZm03cHFxemxnZHB4dW1oMjZ0eHhnZW96N2FwMnI2Mnp5NzJ4YXRneWp3NHBqNnA2a3Y0L0Rlc3RVbml2eHguaHRtbCUzRnV0bV9jb250ZW50JTNEcGFyYW1zJTI1M0FvJTI1M0QxNjczNjUwJTI1MjZhbiUyNTNEZ2RuJTI1MjZhZyUyNTNEZnc1OSUyNTI2YWQlMjUzRFMyQyUyNTIwLSUyNTIwRXh0ZXJuYWwlMjUyNmFraWQlMjUzRDEwMDAwMDAzMzB0c2dyXzY3MTgxMzc2NjEzOCUyNnV0bV9zb3VyY2UlM0RncnMyLWV4cGFuZGVkLXY1JTI2Z2NsaWQlM0RFQUlhSVFvYkNoTUk1T2FxNXY2aWdRTVYxakZFQ0IycE1BVnVFQUVZQVNBQUVnS1RUUERfQndFI1oyRjFkR0Z0TG10aGNHOXZja0J6YjNCb2IzTXVZMjl0&i=NjIyZjg4YWI3MTEzNWExZDJmZmMyZjIy&t=SXdZRWFMYU1YVzhQUStTVnkyN3NTWHNOTFRUQVVaNWUrejRNM1JwdjNYQT0=&h=0d2ba50ee1ce4bb3b28df66b2327226b&s=AVNPUEhUT0NFTkNSWVBUSVYoSXDTdKARlmWNTkxCAx2IC21TilHSccTfEXyO9PfNkmO7pqI_2ufXs8XSRx0s9sxfYN3JeFIaczo3bA7S77BhHqmuBUyGQWWdtWkzn9j-RAkse202nP64ovC2-5hLnYw

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba83b9758,0x7ffba83b9768,0x7ffba83b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4920 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5012 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3208 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5300 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4476 --field-trial-handle=1884,i,10139532870480456238,225175373824329789,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 eu-west-1.protection.sophos.com udp
US 18.239.94.51:443 eu-west-1.protection.sophos.com tcp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 51.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 130.47.239.18.in-addr.arpa udp
US 8.8.8.8:53 ipfs.io udp
US 209.94.90.1:443 ipfs.io tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
NL 142.251.36.10:443 ajax.googleapis.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 2.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.90.94.209.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 39.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 172.64.130.9:443 ka-f.fontawesome.com tcp
US 172.64.130.9:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 www udp
US 8.8.8.8:53 www.sophos.com udp
NL 104.110.240.10:443 www.sophos.com tcp
US 8.8.8.8:53 logo.clearbit.com udp
US 18.239.36.32:443 logo.clearbit.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 172.64.130.9:443 ka-f.fontawesome.com udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.130.64.172.in-addr.arpa udp
US 8.8.8.8:53 10.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 32.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 scripts.demandbase.com udp
US 18.239.50.58:443 scripts.demandbase.com tcp
US 8.8.8.8:53 236.131.18.104.in-addr.arpa udp
US 8.8.8.8:53 58.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 img03.en25.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
HK 23.42.163.92:443 img03.en25.com tcp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 34.96.71.22:443 s.company-target.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 partners.tremorhub.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 104.18.36.155:443 dsum-sec.casalemedia.com tcp
US 54.88.66.11:443 partners.tremorhub.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
US 104.18.36.155:443 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 92.163.42.23.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 11.66.88.54.in-addr.arpa udp
US 8.8.8.8:53 api.company-target.com udp
NL 13.227.219.127:443 api.company-target.com tcp
US 8.8.8.8:53 js.driftt.com udp
US 18.65.39.53:443 js.driftt.com tcp
US 8.8.8.8:53 tag-logger.demandbase.com udp
US 18.239.18.62:443 tag-logger.demandbase.com tcp
US 8.8.8.8:53 s1777052651.t.eloqua.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
NL 192.29.202.14:443 s1777052651.t.eloqua.com tcp
NL 192.29.202.14:443 s1777052651.t.eloqua.com tcp
US 8.8.8.8:53 127.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 53.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 62.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 14.202.29.192.in-addr.arpa udp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 151.101.2.137:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 metrics.api.drift.com udp
US 8.8.8.8:53 conversation.api.drift.com udp
US 8.8.8.8:53 customer.api.drift.com udp
US 8.8.8.8:53 targeting.api.drift.com udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.241.14:443 bam.nr-data.net tcp
US 8.8.8.8:53 14.241.247.162.in-addr.arpa udp
US 8.8.8.8:53 bootstrap.api.drift.com udp
US 34.193.113.164:443 bootstrap.api.drift.com tcp
NL 13.227.219.127:443 api.company-target.com tcp
US 8.8.8.8:53 164.113.193.34.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 1037686-36.chat.api.drift.com udp
US 34.195.184.238:443 1037686-36.chat.api.drift.com tcp
US 8.8.8.8:53 presence.api.drift.com udp
US 8.8.8.8:53 event.api.drift.com udp
US 54.85.240.191:443 presence.api.drift.com tcp
US 8.8.8.8:53 238.184.195.34.in-addr.arpa udp
US 8.8.8.8:53 flow.api.drift.com udp
US 8.8.8.8:53 driftt.imgix.net udp
NL 199.232.150.208:443 driftt.imgix.net tcp
US 8.8.8.8:53 191.240.85.54.in-addr.arpa udp
US 8.8.8.8:53 208.150.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 126.179.238.8.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.208.99:443 beacons.gcp.gvt2.com tcp
GB 216.58.208.99:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

\??\pipe\crashpad_2912_USQAZVKFLRGXVYBB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7b53e29b-9b11-4d0b-9e54-529805ad41d0.tmp

MD5 82a7f5d672b5a4847a7959c197ca3b3c
SHA1 117384164c6083fd7fa0e02babb243bf01751916
SHA256 83efe0ebaf1cd10b1f815edee8e4668f666368d31ded7de673741f5845075b77
SHA512 a97b1de8185d971834063cbd67deca542abbdffbe3217f38e76e4568cbdfe970e8e342be08bc9227fd11a1dc4b59cbf6004853f842733810a3276cfe4925555d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 077be8a51725f8604ea8021b5210a2e1
SHA1 7a00b2b72c0e832ce6ef66b016a4cf0309843f2c
SHA256 7835eeaa02b0fa3f37df67f57419badebcd40d90a88a26e8265a304f25319015
SHA512 20bbf1597de9c49e5d67c04109d91ed69036c29560e280607ec8ba9a3b1edf12b8498f9e77bcbd4f06d1ee157e17970bfa1c874032d6e01cc5d4b598829a59b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a495c66c4df67a424f8b07e43ad667cc
SHA1 048a105f07ca20f64c6e4eae6a26efae80a3339d
SHA256 647a33368fa7be705a13e212d12024b8445c3f94c3ea4dab34750c3ad1ac003b
SHA512 aa506ee4d1e90bb0d2a0fc1fa6ad31b9280428f030b1f1cf5c361e9679985c0a381988f1ff4680df8efe0062089938461059c77c96b47c73897ea8d624ee1773

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 986b6d9e50c1020ba55a9571219c1371
SHA1 a5401d13b8f16f78b21e1a86d18dbc6754d8c5cf
SHA256 dc4d2ea43cb15e4e2e0bd3edb2d0a8488ee20af85f100ab0d591600112f2aa87
SHA512 12ee34f17cc08387c130da8482e6b0c0a8beaea52cae667d8f1b6c2873a3901c8a8339f4d10284b3bc6908dfa232ac1989f1a85cd456f35d0719938044910898

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 37533ff514d35b8a3a58303c20628e44
SHA1 a06a3f2b69670604a0888da974204831eb40c236
SHA256 58e68af2c198e9f55f4532a9847af17750b8ba56e6916413fa18b7041284e4af
SHA512 255a9244371b45eb39bccc4274e7a459a2c205ffecaddb7c883d5d86d7d121dacb68706f937bbbc126393d6c4a1c09b8ac83d1deca66b8424a240e300e962195

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d426b32ac943d2e5968eba7781f93633
SHA1 47d8db36b4f9c0a2ceff9644619dec3ea371c27f
SHA256 52709ab1912f39a3e208ca5e17e7ce3717698e43da646c6083d9d6f3038b8b4e
SHA512 b113a076f24eadcaf95ef314038494b5982bb3a7d1792be1fd2318b9c036abe458305b2d03ba51f85f6f4531b04d8452cee3b51a316e6519973c6bb69ccb3990

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca22f848072524828098cc29d55b9ab7
SHA1 9cc2ccb734130700761c8f84f5690c1b87b29cea
SHA256 2547b49cb27404fc4332677418e57ecc1fa70bb70b8c8082694e013ccdadb58d
SHA512 f0f6a368536b454f28952baa43673521cb521cd5dd299072d77f450cb1a3118fd998b4d75c75cb84fd4adb082364ee034df47932aadcb01a92f4142c894c386b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e8fe35b91772ad87308cdc92c170be39
SHA1 d1de960573a45a813ef405b4d8396564a8af1ed6
SHA256 523ec85297fab4f52607985350f1b1b50b7920e3d1968d233dd81d27604bcaa0
SHA512 324b8134fc28849933b0d11617b3f0dc1dc6a376002412fe03e5657c4edcb29221908d6b9c391e4b590d7dc51b5547ec8349af6e846377a7e17a6ed5586f578f