hxxps://0ffice365-management[.]net/Madam[.]testowy@wieczorny[.]pl

Resubmissions

16/11/2023, 21:03

231116-zwf3dsgf7t 8

16/11/2023, 20:30

231116-zamm2sge5z 8

16/11/2023, 20:19

231116-y4bbfafc49 8

16/11/2023, 20:13

231116-yzxnwage2t 8

Analysis

max time kernel
244s
max time network
248s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
16/11/2023, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://0ffice365-management.net/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133446392604307254"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
7028	chrome.exe
7028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 528	3664	chrome.exe	54
PID 3664 wrote to memory of 528	3664	chrome.exe	54
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 2780	3664	chrome.exe	74
PID 3664 wrote to memory of 448	3664	chrome.exe	73
PID 3664 wrote to memory of 448	3664	chrome.exe	73
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75
PID 3664 wrote to memory of 4732	3664	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://0ffice365-management.net/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8a64b9758,0x7ff8a64b9768,0x7ff8a64b9778
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=216 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4648 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4980 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5396 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2836 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2972 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5352 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4972 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5432 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3028 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5652 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:8
  2⤵
  PID:7140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6300 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7104 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5568 --field-trial-handle=1844,i,7910147349569671761,11921635061912068019,131072 /prefetch:1
  2⤵
  PID:3016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
93342f48af8fe99c320f21a10f1e1d50

SHA1
a35c59baa5221d418acac9662540722375e91a7a

SHA256
7e7a039abe1a9081f12ac8ef09526428723bfc6aeb79f9bc688c587f226d1946

SHA512
1b1bdb15a89ccfcfa047a61f56fd24525147d0080d3336fffe90beffb89b144cb46cac559ec0a2c4181989f43e06e1ee555c495b1f05533c574e1a733e31b18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
fc7986f4e910dd0b58a8447ca18bbe0d

SHA1
4cd55e30e1f7ad6a54bdef4463fa836529155975

SHA256
47c05a2a6fa7733393caf8791356a4a7bd156d5ab306b1683a0dd3a26353e9a9

SHA512
995e855e3b8852db03f677fdaf18e4af92cb56f4c62e0a66e9d2e5e0c60fc0ddbad6b2648ebf023ddf3da80049786146d8dae0d4a386957630af00faea46922c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
347B

MD5
f2b3582a9546916e3a68585de9cd059c

SHA1
b299d9ad7829efe4b59714fc640618ba0a83bd68

SHA256
070792f0db2cc1227a50bdf0b5b6229ffaaabbb53e155056592923f680f890e6

SHA512
bc85fc53eddb41f141511330866549bd59fb0b2a56144b7e274a526bafb9fdc81c9fb218476d41df7772f93b94346ed4bedf2c7dd223fb862b870939a82f4d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
390B

MD5
3de85cb90a22605d20e89d771c5190dc

SHA1
10acfd49b72ee4ffd87ea6753172a4ccf707e17c

SHA256
63428c77441ebce2f496a7e2fde449629435f5e690f9164aab45f7841758132f

SHA512
9169a0e091256f7bd7122e6e1f31eb51f0c8c363076315cf2fd40f7a2f49c210c0bfa941d6c7401ddfa880e3a5f8dce257e85324d136827f405bd3ca92484cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9cdda32e6350d817ab724444ec25c055

SHA1
567449a7dd2185817e44f684b30eec2d48495d4e

SHA256
9264b2a68c4407db7b8e2cf1433fe4b7b25839dd5b12782cc052f767cee9f2a9

SHA512
6756ca1bf3ec3ad9dbeb87209f63b1fd13f63bfd6229566a9940e1a88f40ef914d6d756a618a23402cf05bbbb11c6b6071f60dbde9d6e99e65e5cd12ccc9617a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
940cad579e45bc5323748a1730f6a920

SHA1
7f593506161c5f2effc15cca5f29dae6d96d7d93

SHA256
fd4369ab7c95abfe879d2b17f11986d83b27a77701bfe14ec47e52aefbcc9051

SHA512
17ac00cd0ac2278b3d7cfc377a7cbe4d2d9e3373ee89055ad66bb3dedfd4581e40c6e4959f75a57a16320a044517389a49f88c45ec9a4e56b39e5fb0e4cf19a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
cb550d75eec8925e523a1e3a3132351e

SHA1
e9c26bf29e59f4f6dc6f5cdf63fa8c74a17d895a

SHA256
34db7166069856c47eb86c75f6720dec1eca023f5e60dce6eee88c0229c52c3b

SHA512
3ddbc60b83aa647cb7650f7585b0a47c273b01a7574ae92a6eaae765d590c423a91166a7156c4f9315a52250281cbf41a39379fa97c62728d4b1b6e300190650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d08ae8808d7cb79afc4db83504bac621

SHA1
29c986ed62aecf03f5399c9a3995e92097351225

SHA256
2c06623765254137eed872175543dca5d8060f46e57520032400fd3d4b3d450e

SHA512
69ccc74455ce8d1e89bb95a3c5b8231341f04d53bd146c95398f38f28d26e2f3637767f807e5206fac5abd7ddfb26c1c613ebf21481174f97a2c3f626c740732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01c30f2b72a8d127cbc56f803f216acd

SHA1
b9b253edb258f1c689b89d78c0a90e3019771c6d

SHA256
e261ce2e20b519439b33da8b688dd6630d3d0be08e21c09b47c0572641f4ad5d

SHA512
3715ef4eb3bd6644dc6e6cacb9c9109241198274399414513155306b126fb47ce68930d72ef924d71bdac2a4a48971b9ed5c0efea8bd6f7bfcffb5ab33321a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd17c6a41bc45bc7aa8446acbaf5dcbc

SHA1
4c19552d05ee67327245cc9f224a98b31c4e7dcc

SHA256
b1bc3ef5c48534379b5098ddc81b1ba5b22173aea4e9059e4a32aee56af420bf

SHA512
acd95d50a69f02bbc19e13828649ef2c521403c41f5388213f9938ef062f43f9cbf101a748ccfa09c4c09e30b7e0be04357b4a8d0c8e58d86d1b9ecc2e25c6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65f929216ebac4c9fdecf7e6462663e0

SHA1
283173d707f904bfad62726ca65aab8840b205d0

SHA256
7f10de4126eb4b4c47587d049027c64e311af7b1ac0b209f77a098915179c47e

SHA512
9c9a786b61d58ab322b86f016613eb03a7da5b06c4ae9a30a4fc7474748dee5c4d1a3628688f19b087280692620bf7861c5e920a27ccebebb52578e9dfe92e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63a603cd6dacc6d02f8e0809d79009e9

SHA1
a92ee2189803756be50c001f35e7c26d26f83d51

SHA256
5688ea159fdbd3e074eedf19c7b16374845edc81fbb8ea77bfd46b3328f32739

SHA512
6d952e8c7b4c6f7bd99159536c22d986fb1822654fe17e8a3d686d8e3cf13e3bf8b6fdd30020a5933be5c76ad7c3d5349dcacf95b4fd89607e4dd15fef3dbf02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62714c2e8a8b2136b2d777da1a38151a

SHA1
68bd65eb425b720812537511ead005a6a5c96d86

SHA256
f0b1d682aa0f699a4e3efbf831354334c7566d6b5a7db0eb2f8fe365ac655ba0

SHA512
c52383b0886b74ddb1369cfaa1128c0d2cc6234e91daf81bc37f7865e11f0522352e069ee5d36d5e7b43e485b31a63e4da192ae8987e8c674868ea320c535339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
deed3d59969d1bd68a7b6f71727360fc

SHA1
fb918ccb53eb01b66c69ed7dd9b3fb2363f400ca

SHA256
5223800a5554dc241053af9c115545a040385308f253d56b7db4bbaba2a1e285

SHA512
6de637f6857d8b4f34802e0b6e6592e4347c445433ff73fa4148863d8fdff7234fc4c9dbd98f26b0508611cade0cbe0a98a173e195472b310998a1eb70bc1b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
686955cf8f7ba8f3202c23608f2bf4ff

SHA1
116b3120478bd640cb3d0cb0acfaf3535656c881

SHA256
46390316bc2bf0b435bef923f06750ccede74f23666b6ac793b7e61978516953

SHA512
c18eadc271afa85bedd818372b9e03f8403a315612c40b3068d7bea7b31c8edf6f54550bcc328c18202d399ed32b97cbc24569230120752dbc8aaac052081cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0b6b769d0dce14e872ee87f20a69dc12

SHA1
771d6f0d48249ed6a4861b4e8e22c6e3178d2566

SHA256
a9baf49812bc52aa996cbc60460e1da6a86fabed676878402e64df3dda65945d

SHA512
411c3d1395ec4975f740713a6cd44eed3757d190330ea53bbde6192bdefd9270b73cfa9faa764e1cce720c7d7c5203e988dcf6d51ac7b8c5163639420308ee0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64cf4faedea2f0680a95a8e8e16761a2

SHA1
b24f45303f0c2b1777cf49fd1df7ab9e16dd93a7

SHA256
995f6a6537f1c2b267e10343c5893dd52393c2a9bdd6e30f7074c56120a5e02c

SHA512
92c9ab2809b697ea7102f198bd1deb55f4a93d56e2ffad05297f0893b22229657dcaddb22da161a8e77ed865357f26f2ba4f7380cf33739154c73efa53478df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\26f38c9b-2900-4097-8f17-afb70af9ec79\index-dir\the-real-index

Filesize
22KB

MD5
3788319592f513cc766f9e763b011c69

SHA1
ab9571da828e3266c56d5ec51f84340f050f6e2c

SHA256
bf0b5fab44c4b212db5c74b43c4834e7fa53caa12dc5601ece99e85692aa793d

SHA512
017c34a214ebb2517bf3176724b1989915e999bf05a7602aca2f9ef5956cb38f68b41acf4e27e2be5a68b22ce6c760e54acea68c57e01decb050a0010f9f6d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\26f38c9b-2900-4097-8f17-afb70af9ec79\index-dir\the-real-index~RFe59408a.TMP

Filesize
48B

MD5
0061abf6ee04f2d9293a3a5c22dc7ab7

SHA1
269f8c15623330546ac6c972083b695c10074707

SHA256
82606c3ce13394d97b1f18879938d196232ffea1f3ef0c414784440dd324d4bb

SHA512
dce90f7deec8a27f76461e8692062da611f999c66e688b358c24c8807da5f3903e009eb59d0693b558c643fb289acc9a22fb7ef4246e73b12dcc69b9a4c58ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
260B

MD5
1bb7227001ece906994903a55938460a

SHA1
bfb4374f7a9603ee012dda64413a4c9a78f246ea

SHA256
b4cdcba02b63bf145ad4910072251ce8d75c3186aac430efbd7c73cfd679f1fe

SHA512
b792d28e81a689fd59e1cc5755f7e8b779f232c6fb6defdfb0163da412866fda2fc23c0322a3dd8a2c23e8e1521f0acc333dfd4d7d4267f077d33d50d1d0c62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe5940a9.TMP

Filesize
264B

MD5
22a0e24f11a477fef8019eee5b2fa553

SHA1
6160f1ea511808b4a1825643b74f88f8e840460b

SHA256
dab047ccd5c7510fa3a6700f520366ec52fd758ce980c1cc7cca82d579f3cca3

SHA512
ae6157a15cab261b9be3ac7f4346965aaed592ef1b56552153ea5785317b73c54028a8d6894921ed7795eb13c14b81ff07ac6ac5f862cf003dcc46fc9acc7560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
1355204cafdc63e9b1657196fb1b2966

SHA1
f2df1fc7bb04d59b087189420ac9ebf5fe92d7cf

SHA256
7dde52ba0114d9da627dd11196e0ae05ac03fc970d8d84662fc5256de487badc

SHA512
94b759074e7d7d79e6161e17fb20f08c6d716391974676a2349153d3ded59364680d801c0f0b8a1493fa79b845ecc927032946d9d92316a0e18c2b3988d77610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a023.TMP

Filesize
48B

MD5
64e20ad56d7fc8aabc958eaf7cdb796e

SHA1
375a91f079abf77b77a3dc5720ee154e9090dd4a

SHA256
52fa56e0f80d7b9d180db20d8ccbd926ec6e6767c1c12a2ae37e4ab8729debc4

SHA512
c39cef5fdaadfcff89a38f2105aadf5632871981f0b82dad2159763d59ff691013bfcbc64fd97eae3dee47a4e6f2d0385527ea9e19540b0887957ff4e9450a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
1838a718e243cad187bfffa381f61d35

SHA1
ede428aa417e3af794da34356e539c41a267a427

SHA256
3c5e75a64b0e69e18d02a6958c0e4e8e77feba2446ac4cb2e49002b111458a64

SHA512
d914e045ac909fa918e8bc95c5e72c5ae4688bc51887e9c43f4be387daac775cc3443fb8d7ec8ebcc390e108118af219bff31691d2b998cdbba63a36a6496929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
83586ebd418d572d1d55eea73d9ae481

SHA1
3647bf90da887ca865fa2ae5d40520d255fd6227

SHA256
e07514136100ab9351dd33d3aed938efa945dc867dc86ed91e7b438c8980e0d7

SHA512
41b64c47fafb65a72e56a26ef4b35ff5a1f4cea3235f4bc930b0b47d347e2d174def04d4a09964d6c781cd968ad1705a251e699fb264d370f895e59c8fac2108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a204b.TMP

Filesize
100KB

MD5
96dcd7ddf38fa15d26245a0a08a3cee9

SHA1
4957976a1ad626ffe51416efab1147abed2fa757

SHA256
7ecc8c80cb1b036541c1ccf33017986add0de219eed8419ce73ebe38190e4b50

SHA512
5a0e00ac4fd7f1cb15565ed7fc5a8c1066077d35d147ab9bf4b2f2d64e24bba4ddf63cac6831d9f0c30a4eda6446dc5749ee0e7fffc70ee16de91819b57eac3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit