hxxps://api[.]spently[.]com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=disruptmla[.]com/winmx/css/sdnfkjdhgkadshcafasuhgd/bjdyskhdufasa/jsfdkgfhsdafghjdsfisgfusdfdagfidhfsdgcuxgcjhdscghdsj/547/dth/ZGlhbmUuZnV0cmVsbEB0ZGNqLnRleGFzLmdvdg==

Resubmissions

08/03/2024, 15:39

240308-s32t4sbe7x 5

08/03/2024, 15:21

240308-srm7ksad35 1

Analysis

max time kernel
206s
max time network
221s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 15:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://api.spently.com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=disruptmla.com/winmx/css/sdnfkjdhgkadshcafasuhgd/bjdyskhdufasa/jsfdkgfhsdafghjdsfisgfusdfdagfidhfsdgcuxgcjhdscghdsj/547/dth/ZGlhbmUuZnV0cmVsbEB0ZGNqLnRleGFzLmdvdg==

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543861944316846"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
380	chrome.exe
380	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 2876	4988	chrome.exe	88
PID 4988 wrote to memory of 2876	4988	chrome.exe	88
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4972	4988	chrome.exe	90
PID 4988 wrote to memory of 4092	4988	chrome.exe	91
PID 4988 wrote to memory of 4092	4988	chrome.exe	91
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92
PID 4988 wrote to memory of 5076	4988	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://api.spently.com/api/spently/click?id=105133&store=hotelcollection&type=OI&cid=6272440696998&url=disruptmla.com/winmx/css/sdnfkjdhgkadshcafasuhgd/bjdyskhdufasa/jsfdkgfhsdafghjdsfisgfusdfdagfidhfsdgcuxgcjhdscghdsj/547/dth/ZGlhbmUuZnV0cmVsbEB0ZGNqLnRleGFzLmdvdg==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf6149758,0x7ffdf6149768,0x7ffdf6149778
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5012 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5168 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4752 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3888 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5260 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4568 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4984 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4900 --field-trial-handle=1836,i,13808251912733630468,3832514819028365220,131072 /prefetch:1
  2⤵
  PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d44fe9723597398ca9b600a25f202521

SHA1
7e0eda5c364c07b8cfd3942578e8e34fbd1b5177

SHA256
d3c2ef7733d31752252a0926d6229f1706a3182d4bd1329dce268f453e052d6e

SHA512
610072afc92f0d645aaca4029ce68ba67e14add20315be99d7b0465a30247e5709d5397a571b47a5f368b80d4fe4ad414885632443fd5189f433cac3281858e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
397b4af350e13a05d1d9aafd92f802a1

SHA1
f200baad7b36db8ae92187330bbf46920e983c80

SHA256
5210f7d0cbae8b312ff1072d440d943ad4b513988da65e43c3c5063118461049

SHA512
e3cfff7cb8aab9cd781ed14517286d8a8b5a73a6f88b2544ba7f4221ef457cf80ab17145e2c62fa5b69b64c08f9885a98fc763e5e25bd70f427f879529241138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb6259a501d41330e261c8d475abb8c7

SHA1
dfb09d5a9888215ee407e6401b8fb5d8970ef051

SHA256
4cf0e20249c1b7cc0890ae8fe84018498c2f07a7f81a55c5a3a0c8a912f70403

SHA512
e30f092ef6ce5cdd21e5ab8711612e6a3375d83f053b187633a2b7da8637330150b8a989eaecaf8c79ac1054c940ad2b139496bbba0bfeb650e809e002d5172a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
85335c13eee689d74aa1f8d5fc944988

SHA1
e8243eab6f2770acb023ec3fbff7b9f795025d05

SHA256
56924bbf81b7dc23ed478e76b3b3d267431782e000b2fdc30e8f8d34c18b5a91

SHA512
df199ce019b835c9dfb1e415479124237f6d329f55d5e611cb0e1895306fc9750b707606da5bf3fa8294b565ea041d3663ff49232de68ace9911857b71ab3d20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a53eedcee41a9761ee0714f10ac4fea6

SHA1
a4daedbd87b35d79b56098d62a6aaf0b0cefb331

SHA256
ee035ba6526173868d18d5598b2f15b340304d5033918c1d0ee8a252d58a1402

SHA512
371882892bfd877572745c6a1edeaec88eba12bca4bf439d073dceb4a19fc8c31f139350c9821781684bd10973417a93f566be104ebb7bc37e2e0c119b354559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
573b60556383dbb7884393e11f593c52

SHA1
aceac4baac5cb8bb86c2a9ab194edbc76354915f

SHA256
72ce7beb777cfce3c674a79117edbc1c9e4a5f03a536223c00cba387aa106913

SHA512
0e87e54e7de0838102cf46a353f6353595f9b8f2e082fc9f1a66c3c3f6493019d808c210e21a7b9041c1a0abf8414f7b1660e78d57773db60f6627fd1248cc0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
725cc732ce5dbc184aabd4e10f875bf5

SHA1
d22e543be5f6c950fd0a4b46ef901b840913f1ef

SHA256
dae68c42740292ab924b843dc502ee72b9bfd29634885959dffecd6eac7fc901

SHA512
574e24cddc03dd625fa8385da1c298abc3442c66895c54f9b9c51437c32aa0b47cf128f3886c7f8df520b4caf36984e4805a96b14328d77d6207469276ee4b65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ffa38c4468e0e44e5530a71a59057c7c

SHA1
60ede1a3f2bcc1be519a20055081ee46f958ad88

SHA256
381b41a20e558d9c12097121da2163470d552df3cdb0e697620b8c492ebc1ee7

SHA512
6f01237fa54c823d64b391c030b48b07e3d82a39ead0e66243a28e769ae6ff440ba2e9f5c99c22b9993dd503e6bb7c6a829c4488d6c924de98866c5609727f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e052034a-70e0-4fcd-83ab-5183c47d95ab.tmp

Filesize
7KB

MD5
c9a74a0f4fbba8ce421b3154f1fc5771

SHA1
849b92d2ef6cdaef84bf4602217145f0088bea82

SHA256
d9b39e412b304e915220aa95f9007ad4168d71faadc40f6d214dfc22f2f734c5

SHA512
eef46b5bb151ce3b6b9868a8499c2a17fe66e3c5c05913888aceb612347aa042008444867506270592914e1172d755150b165cf9e39f58d7530424d4a37d4d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
419880a6877a23ad5b62d02a8e5b4160

SHA1
f1c285ddb3c34702d69c38de957ea2df619c7501

SHA256
1ec8e3fd28619b5a88970009a208c39612e087daf1c3b8e74f75f7f62cbe350e

SHA512
5c57acec072dd7bcb90ccc7215e48c79342450f45c9ddb011db56a7816fde4eaa851c74ce812b81eb4446f1dcde52630f1017d8e278abd8aec4bce85c51c725b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
5ad629e58a8ed6e7a02fec33869d90b7

SHA1
b2b94b6287db0656a83986a1ac3b2dc67c6dd7d2

SHA256
8b49dbdf8997417d28c8f2f5fa29de7ed1eaa02422505259effd3b1fc8a101cf

SHA512
e10d03c76e49fd90aaabd6796bb77dda89773deea1c7997e63b6b4377a4052637e6fe100ab47901ba342a28df4a5d0fc43dd33c1fcd43d41337c0b0e85111682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a7ba9.TMP

Filesize
104KB

MD5
dffb927a45ad5e33bf52a06775c3c070

SHA1
e18191527408b4bb8da3c22c4398d96c04d001d5

SHA256
963070d55d15112ebab44e8cde3014dc54da2e3632c0c6f0b066b0f9c18e1fea

SHA512
3fde103907a530898ff2206fec7b2ad463edba6998a7b97d5ebf07d18d924ffbe9de36c39ccb82811fdf8ff9826486942fa25779556113cafb53aa69507e54a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit