hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001wQn7auD1Mum5JPPrMeVxqZTfAlCcD3tp61negkvHn852RXAxbAO_P7u72O8As8M6k-ZI7Jx-APrvagEnWrlO3ajiCBcrY6k_q4UTCo3aav10cqll-68cAGjpnRYNDTNfzTA_azBp1SoqZOw2hMRSFQ==&c=&ch==&__=/wintrust/sdevinger@wintrust[.]com

Analysis

max time kernel
1208s
max time network
1193s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 04:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=001wQn7auD1Mum5JPPrMeVxqZTfAlCcD3tp61negkvHn852RXAxbAO_P7u72O8As8M6k-ZI7Jx-APrvagEnWrlO3ajiCBcrY6k_q4UTCo3aav10cqll-68cAGjpnRYNDTNfzTA_azBp1SoqZOw2hMRSFQ==&c=&ch==&__=/wintrust/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133494227911378946"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
6100	chrome.exe
6100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 2712	3416	chrome.exe	67
PID 3416 wrote to memory of 2712	3416	chrome.exe	67
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 3652	3416	chrome.exe	90
PID 3416 wrote to memory of 4316	3416	chrome.exe	91
PID 3416 wrote to memory of 4316	3416	chrome.exe	91
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92
PID 3416 wrote to memory of 4992	3416	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001wQn7auD1Mum5JPPrMeVxqZTfAlCcD3tp61negkvHn852RXAxbAO_P7u72O8As8M6k-ZI7Jx-APrvagEnWrlO3ajiCBcrY6k_q4UTCo3aav10cqll-68cAGjpnRYNDTNfzTA_azBp1SoqZOw2hMRSFQ==&c=&ch==&__=/wintrust/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff958859758,0x7ff958859768,0x7ff958859778
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3736 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4532 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3204 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4900 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5008 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4504 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3716 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5196 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3192 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5712 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4848 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4836 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3020 --field-trial-handle=1896,i,8564109793877661190,2017066164008987703,131072 /prefetch:1
  2⤵
  PID:5456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\24ea380a50575ae4_0

Filesize
38KB

MD5
b5ffed4aa9856ddaa6a332688590535e

SHA1
ebd6eb4333a0045779aa631e27d1edff19e50721

SHA256
27b72393803aff03f0a7434502355d8ac4436458faf67b4093b37ece7d17427d

SHA512
8ca9fd6c862c0441fce143e06c273befcc9141fe05912ad1b3ae66203bbaaf78c93a646f7e62965f949de98671a3c0786411d5142d4eb05b58c920ba62f995ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c51ccbd4f4d4494_0

Filesize
324B

MD5
d072fd35d37f98c33dbc696dd67c5571

SHA1
462a7c331bf398e1e3d5890ae0a6fb4037917b66

SHA256
9a224173f2c276cd5bbe64b96d16ae1f40b0645042f836202ac04587e119bf58

SHA512
d81b4538adb9947e7465ea9333a6a3ba68b8b5abbdd9fa2c3d69c9354689937afd04c92b5dd9d95eea0c91d29b08bb1f03dbad508683a63d25ba53250d462098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
058950f842abf1c1afcbc8facce54a6a

SHA1
6aa1434a43150ff6f23d55f9f40e0e8c628e0c30

SHA256
4c6a3a55a91079227adeaf67e8ec67ace767f75f7eabbdfcc94ae813f6f9778a

SHA512
f5c5c1cb2033d32d19d1b22662207263d0f0e5c3f92e57eee1afb53d1af0bfcebc98fa9c59041adb868d9239458ea06969603237f1ba87bca317bdc71916fa65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
27795c3f18287c25ce79ff5aec0a8aa5

SHA1
48f4c7b694e864453f82494b141ae4bedb4d216b

SHA256
de75d7d7d8f65e785c8b0f033fe85098b4339f72a812aeeb5a2d2b65f5c42660

SHA512
6228ecb53de6053b93af64287f0a7691d8bee08126b1f622a40db3b4f008b5091c0a70cc0fa8d819e9ceca21866867a7787f9d18600f30a26d25e95b29cb52b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d731b4d7aa1f7e491fad32d0d7e6064f

SHA1
75fe218e9529e301898f0957f636205d3b9e51aa

SHA256
d2cf41f025e75e31724c3a5ccbb881d9f9b406f139e8952f54542ead651372a3

SHA512
78dc740b0b80972c0b76f7a79bc69bcc3fc74a7bc2ba9a3dd54210fa195ff2d45901b28673b7b3411cbdea7bab2a8f5ab48ac2ba6f80aa264b2d3411977fe25c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
216d8c23865fef53d9bd9d69c1dcc25e

SHA1
1fefefdefbfd27098cef362f5459cbd548c64cbc

SHA256
cae0a04a402f70d27564806062c95812fa20bbeb7fbdd30009cf42c824d99d41

SHA512
bd6728bf614f7b28006131747f091fe1b414be2e453231f512a15e9e70e5e1d41b625304ca3ca74678291ccc69731584ac287d26af10775f56febc70f529ce8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
059f5814eb8f9f134a4ece7f809fe5c0

SHA1
7f728120ddd1eb6992d87475bc74b126ee4eb82c

SHA256
6b809454198894144f78493cf7941a85f3adca68322f8d49b772a5f2c1b79d76

SHA512
d3d99a8f8d974d3135c9bcba91d7f153fbd9877eb74c87fd656b4c8d9f2795bb66c448714fbf22627aa8380183dfd8e99328831279cde5843e41aa39130e54be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
56a884ee8538e11dc0653c4807d28e74

SHA1
5a463484877fed0d64d55240d7f55db8f0fdf32a

SHA256
82f5bc520c75eab559a4f84edac7904a3fafa4c3bf2d1f668385c5990755ed47

SHA512
ec51d008cb19b7ed9f6dcb35976a980453f2eaaa10f3e9dfc070819057aa4f5856642ccd6707bea295b5d709eed5f7eed90e1357af2f0b02b9ee67ed96df6515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b90f969239493bf5fdbc0aebc9fe9877

SHA1
0b1993ae20993cd95254392f2adfb17ffc26eaa1

SHA256
fb61c73311e5e4380cbb369dbb1495cce9c8c8f472a4fb69d30a35360531ce7e

SHA512
b9794961c6b61fd09e96ebcd86876b1deb45996ad2af8a4fc235f5009e6312bdb1f83b0d35a50f33fe860b356f66232af2ea6f66b297dee28f84fd1d18e28213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
396577a986f17e22de08601300713292

SHA1
a33a52760bddfa8954a946a596189173cf0d1e5a

SHA256
cd5f64087b2c6b0c71f63bdd687f09486b87b569bd132b39ffcc02b936381137

SHA512
22d7cc1bc7103420f4f07bba71ee3f079a3a5f980fe81b573a5a7832c4f4251d8e35f68ed1ebcecdd1cba65dbd66560ac84850161ee1410c18eb5ae36107bbaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
9d999c8e2c9797d11140fb06dd1296b0

SHA1
41730613fd7b309b9d03f042839923abb2888116

SHA256
f5d6137e88500b59be4f09598c36efa2683cc22b2f479226d9d3160708b8f021

SHA512
a8a067aee65843e2c5bf2959513e6ee5ea119d661437d366b2122af4a90156d802ab73495de9b8afe67ab70e3cf42e08155fa94ae5f6524bffa29cfab0959f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cc8110fb208962e770cba5c4f94038e3

SHA1
aa560f08f5e12f3d2ef0eb79ce3de9422a332aa4

SHA256
1253507226260dc1970f9f3319381e4780ec7d2e7e5fca7f3964d97d0edb7774

SHA512
28ff3c3e5716056725997319cb7bb873f308415bee5ca5315efc684aafa4088a57c5143850b7da0f8009bd26e11e25bb1541cae330e21cc5e2b3464dea36f1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9ae65421448cbf31204f030f1e093ebd

SHA1
10cc9107cb26e8ec81876af1b523cf54cd8ca298

SHA256
ebe039c12a4e161cc81fb2c4edd043a780203cc8496f220f0a4223719a9345fe

SHA512
0e26bb489f471613dc9f209bfde8a460f1a3fbeee30290898cc57ca35880d3ff5bd9e1f8b2be8c20aa177e9d6e7cc7be66f2184ac04d8c889f2b2a57b1d39798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d7d5d680a32f3e51fd797dab1270757f

SHA1
edeaa8cf2ef91007574994ce87f719ec7357a5f4

SHA256
8ac95ffa7714fbb1d3d23f6596c42949519d72cca35bb6f7742cb26e0ee33525

SHA512
7bc1ec6297d5adba7505915d841e7b9dfc494af00a5293a089d46a2eb68e59636ce65e7763a935bcbde169f178450276c7838bf801c90517e3cf07e84f9cf630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f9f85f7d0b88ae1f060f14b32158066c

SHA1
85b47c9ad5a4199695db1aef621c642f8a2d234c

SHA256
ab44d0d859ce5e14533eb1a4b7b9e9d5e3d3faf69a597861274ab0961f7930ef

SHA512
88857599eb46a1c723898147b666fb051c4a8d5d58148e3b83eaaf456dcb6cc99a9aaefc4fc5f963206a97d5ef4ae6934111b1f03a11ba55b121a62d78159e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1907accee70eb92f2c4fecae18cd25bc

SHA1
e74a89b1f54623528e4a60161c42e5e60915e864

SHA256
e11d90d7ad19671d445c2668f11b08ac9fc630800f699e7c8d477954e3546125

SHA512
1afc9c6796dc2a4a8409a0e740f7e572a3a117f3b6f8ad82482d2191abc8f5b9504c8152ae31bdc7d60948f87453bf0604b95f58179cf0cd27dbc969f292a884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
32972dfd04965dbb06fca5d03906463d

SHA1
3cea2cd9f4658e28b89984dc3252162e1837585e

SHA256
e424db5853ef8b9e07f01b1f5c2ff9ce8e9b0ca1c35b82900315562ccc4f201c

SHA512
527e87232200a4527d21b6d264e463eae2e4f500ab2cd46dd839f539c189e1e115529a0ba079ce08062967d9fbd6fc80cf54f403c85c4066e2454ae654832f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fadb5c09bf4766664e72f8ceead382d8

SHA1
f3d7c21a38d5d61d7ce61a131599885d840ddadc

SHA256
c4b0e9442c480c51b3eeaa0477873f2a084fcad50a1c369859590ff932cde065

SHA512
58222d2b42e6e379003b2ed613d8d7a9ce24e7425f12404da51e0dfa16371260986d294e7fa45083b38ea7adaa3b7312c67dc82bd9af4c2138696cea016f8f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f389957c8993bcf214b16fba71136ea9

SHA1
92192fae31898587cca99df94e3cbb2b4345d497

SHA256
966b3e5c6cf0fd3768a5dfc2df4815446853bb09e2beb693ca84ab4bee09b981

SHA512
7bdcec1d68197ca5841d45c0e189ffcdac5e3628849b705d339f3c70621221769d5e813df9d238be983a25fa9c6701c307c174eca3b51f4cea44fbebb22912bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
668f01af34edf230d04a588c806406ca

SHA1
7acb851906386d13fe0347d7d167cc8a04c2ad12

SHA256
eef01454a7c48eb6a2d3ef5a5c857b55961ccf68bb2f70100b1bb143e0bb70ca

SHA512
33b2078b79125b5e9b58d52b9cdeec800b89e2754c90054377b273ea3bf66969691cf66a8f14cc9290438d1dbf4d931881cbee861d03fc687f2d4f9cfbec3ee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a91e40eb34635f77c2bb9092418063c

SHA1
4b0804432b6f3e4b9671699f92ae1bb87f86ea62

SHA256
be2e38b065931a186ac30bf47db6e359e1ebf0917d5e708628995a487641d002

SHA512
e03cf48c3347706522c8acfacc323ff106d1ccc42d68777ea40ebad877844d0d273f3a281eac0209fbcfd03c0faecc73ee54226061be74dc1566f0449ed8e238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ee74eecf3af96f82ad6ee36d427db137

SHA1
7f8482cd2f1de5688c61a2b3786ab19ccf4578ab

SHA256
15fcba8109920697a69d7fa6a4dd3eef8902259c8c71ff74bfbc7b0fc78488b6

SHA512
cb61ae0e60bf6e2f217fe1f824e620e392444911703f49fafeee223d839133fe78e1ff788025f2689be08b6dce0020f9ce2a002455560f076b9dabdee3a4a447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
94d11b437382f890defeb524b52f848e

SHA1
ccc11ae6ba2e2e098f9e0e2226a5f06aeaa29587

SHA256
717846757fbd36183ee483f079bc240797c0b31c5375671dea30d6d785981f1f

SHA512
1341dd1d45651f018499584d39e4b9702b78a927323d83df704a4149a1876e5a9f3feb16bf1d718bfd7302351fe39ea6752a1e4f048023e2985550cf1096b449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7ed4e1767a165f47aad38d8a3ba15164

SHA1
066e83d2ba6c1124891e44ac7d2dbbd23e6939c2

SHA256
afee72245cfd3b321462c4dd14ec05dfa8d7c1e1c9e2354fd69af514c563628b

SHA512
f7417b972a903042330916d4eb99fe53989d3e48136745c89471563ef5afa8f51c2d0cc295044869be754dea1c39e50c86178febea06400832f2e7edafa7311b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
08fef9ac2f94ed8bf6c866470c7aca55

SHA1
4ea2ff8d7b292107c820a28a6efcb3a87bfe95fa

SHA256
864ebb0088aa199f1d1d0ef39abf184023f3f10f031f49d83803387f41fd81d5

SHA512
71b75dc7fe0d632a863f3f1df254585f712bc50794d5c68d7966610b2570fad7312584a3cd41f5d607c8de7f054a9876e0abb0d9463315d1ba8e1e524ae93d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c01f1b253c4dd94ccb70d9d2d54781a0

SHA1
f721055597032ec8fa29f31fa3c960875da12156

SHA256
70844fb098033a710cbab142b18c08073dd77cf0433730f6e0f01954e9001d7b

SHA512
36ce65102e06e1c0cae5ab021819f8d7eac3daff26bd0ff32c0697561bbb765135fd96440781f6c9471353037ec63c41c1196751e28c14657d7a9805cb85337d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
9455918455b70e1921a7f1d066d66852

SHA1
c05da164a6f9ac49a2a56c86d77398c8b6cd98a3

SHA256
193891bfcca78333b9469b27ad3ca08506c13e07523d8514709ff68086c2e3b2

SHA512
87d53e5241e38043942f15453d54f943d5eb1c93e7169aee7221744ac687ca9a5f4597d471177bc1878242e2af4587146ffd74e1c7cfc5f22bfe1a70a096fed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit