hxxps://www[.]mesharepoint[.]com/che/e5733095-4425-4f08-b6ba-487b9a46a425/e390f9e1-ad43-4a1b-b1ef-e4f9d1f911c0/bcc750b4-4c35-4ab2-a248-b9b0811edd10/landing?id=ZW9TSnFxOUk3UTlDNm9XU1pJdkNaSitxb1NQWG1Wc3Vab2ZZQmF0TEJTYWxYa01IQTJjbFhabnN0ellZUERhY2V6dGVqS1NLbUJaZm1NQmRoekFXWTBhRHBKaWF0UnVaZVpMaWNFZXJNZThlZXhCK1gvWXdGUngwajExZEx6OXRBeEFoM0Rhblp0WGtqZFhZTHhjR1FINStRdUJQdzdVRkVOYlZyd25SNjBsanBDekxjY2IvL29aWGNvTnJaWmRTN1IyNVlNRlpDNE1oTjdCTlh1ekNVSFlWb3hNcjYwVGdMNDh0QVEyVm56dm5JYW4reW1ObHdEenhRcUsrUWpnem5DOThta09ZK3JmejFDTkJ5Y3lKdnIvQVRYK21pV0FDcDB5Vnl4SlNwTitDTEQ5VitURTBSSS9qcXBOeHM5YjM2TTRTTzNqQXJxb1hzWVBsM2tQY24yKzk4bkUvSzQ1SmdoUXhiUEpuazV3Wkp4Rys5cXprVzVGN0IyVGw2NDRMTWpzUGxnU2FZcGF3dUdrSkN2Yi9uVE94Z3dBWUtNZDduR25DWnczN2N2az0

Analysis

max time kernel
214s
max time network
243s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
14/03/2024, 18:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mesharepoint.com/che/e5733095-4425-4f08-b6ba-487b9a46a425/e390f9e1-ad43-4a1b-b1ef-e4f9d1f911c0/bcc750b4-4c35-4ab2-a248-b9b0811edd10/landing?id=ZW9TSnFxOUk3UTlDNm9XU1pJdkNaSitxb1NQWG1Wc3Vab2ZZQmF0TEJTYWxYa01IQTJjbFhabnN0ellZUERhY2V6dGVqS1NLbUJaZm1NQmRoekFXWTBhRHBKaWF0UnVaZVpMaWNFZXJNZThlZXhCK1gvWXdGUngwajExZEx6OXRBeEFoM0Rhblp0WGtqZFhZTHhjR1FINStRdUJQdzdVRkVOYlZyd25SNjBsanBDekxjY2IvL29aWGNvTnJaWmRTN1IyNVlNRlpDNE1oTjdCTlh1ekNVSFlWb3hNcjYwVGdMNDh0QVEyVm56dm5JYW4reW1ObHdEenhRcUsrUWpnem5DOThta09ZK3JmejFDTkJ5Y3lKdnIvQVRYK21pV0FDcDB5Vnl4SlNwTitDTEQ5VitURTBSSS9qcXBOeHM5YjM2TTRTTzNqQXJxb1hzWVBsM2tQY24yKzk4bkUvSzQ1SmdoUXhiUEpuazV3Wkp4Rys5cXprVzVGN0IyVGw2NDRMTWpzUGxnU2FZcGF3dUdrSkN2Yi9uVE94Z3dBWUtNZDduR25DWnczN2N2az0

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549159556064337"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe
Token: SeShutdownPrivilege	1460	chrome.exe
Token: SeCreatePagefilePrivilege	1460	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe
1460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 4196	1460	chrome.exe	74
PID 1460 wrote to memory of 4196	1460	chrome.exe	74
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3340	1460	chrome.exe	76
PID 1460 wrote to memory of 3932	1460	chrome.exe	77
PID 1460 wrote to memory of 3932	1460	chrome.exe	77
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78
PID 1460 wrote to memory of 2636	1460	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mesharepoint.com/che/e5733095-4425-4f08-b6ba-487b9a46a425/e390f9e1-ad43-4a1b-b1ef-e4f9d1f911c0/bcc750b4-4c35-4ab2-a248-b9b0811edd10/landing?id=ZW9TSnFxOUk3UTlDNm9XU1pJdkNaSitxb1NQWG1Wc3Vab2ZZQmF0TEJTYWxYa01IQTJjbFhabnN0ellZUERhY2V6dGVqS1NLbUJaZm1NQmRoekFXWTBhRHBKaWF0UnVaZVpMaWNFZXJNZThlZXhCK1gvWXdGUngwajExZEx6OXRBeEFoM0Rhblp0WGtqZFhZTHhjR1FINStRdUJQdzdVRkVOYlZyd25SNjBsanBDekxjY2IvL29aWGNvTnJaWmRTN1IyNVlNRlpDNE1oTjdCTlh1ekNVSFlWb3hNcjYwVGdMNDh0QVEyVm56dm5JYW4reW1ObHdEenhRcUsrUWpnem5DOThta09ZK3JmejFDTkJ5Y3lKdnIvQVRYK21pV0FDcDB5Vnl4SlNwTitDTEQ5VitURTBSSS9qcXBOeHM5YjM2TTRTTzNqQXJxb1hzWVBsM2tQY24yKzk4bkUvSzQ1SmdoUXhiUEpuazV3Wkp4Rys5cXprVzVGN0IyVGw2NDRMTWpzUGxnU2FZcGF3dUdrSkN2Yi9uVE94Z3dBWUtNZDduR25DWnczN2N2az0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff7e5d9758,0x7fff7e5d9768,0x7fff7e5d9778
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=688 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1504 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4992 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4744 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4856 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2040 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5192 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5472 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1720 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5640 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 --field-trial-handle=1828,i,2942825926334052088,7526208353264091063,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
198KB

MD5
06d38d9bf028710762491328778f9db6

SHA1
83e1b6cbaad5ca5f6dc63453da324f8df28de193

SHA256
91558d69c027808e375e11c80166dc6ba245fbcfce715c9588decc55b4a33dad

SHA512
b197e5f92add72688396a07246ee9842a3b0de36508aa57f0254531cb109c77d0392e00ea28e006f9fbab1b8fee9b333998946de47ca7526b631e8c810780781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
27KB

MD5
93e7c16239dbaa1d7ce242fe773a0950

SHA1
69f8f623b98f7271246e5104e5b0be96666be9cc

SHA256
4c08b630669724d71e5946faa29c85e9f62ca9e5aad1cb9625ffe27fb0f14d32

SHA512
bf660c22bcd64eeb197953ef2a43e31bcf73564e2cf854384bdc1b050a9804581b7cbfbaa8fa24afe3f5621cc43ad72c2c88d9d9dfabf302aa8290c5dbf40c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
47f85accac114a9c71d5084a19aedb8d

SHA1
92d9afb6d577ab53929eb51829f160f6f1d116ec

SHA256
5ee359a7e7809cb41e7985380de36d724ecb7eab9e794cffb68085d3b05d74b1

SHA512
e3699501ff35b4e7b423981f1bc3ef6dbf3ce175f1c92e0ede4e5daf39616901ee11962b6ed9642793d0185b1e07c01fb3d5a28ead658a20e9465360d299db96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
4d6dceace5944d0fed5fac4207e67423

SHA1
f5219e813a442fc8ee433fb46c8bba4074159f50

SHA256
797439bae9d5a9ca95b26d7ddc71f8f74814b28e50cf9b6f9cca25646ab5bfc8

SHA512
bb0d7a14b5497643fe0c27b1887ad973af335b9a292bac0202b21373624f4d6c9fd08e60118dd806b232a87815c6fb418895a279b58896c311e7e27c8466857a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
b8f11b4f25ecfdaf260e4c89be03f793

SHA1
366e535de93137095720f72b1e8717935373431a

SHA256
d68a4a44f8b040be450827e07e4ee593fc69f6e4697ac5aec2788fdf20c0b869

SHA512
38b847b1c1e4f6e02866e66d9397681db3ef16f9064bd11e14e075156ac6723a011216f42e802d0a569f923b24a2d80ae2bf0c9d4538f05d34022805a118fb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
58d9802d9f3a2c9cecb2d0ab1e313fbf

SHA1
80eaba7995a838aac94918ec89e92245f480f05f

SHA256
0cdde6b6748ae0024059ff3c1cad277132c87ee358144727bf8c8a694ba5f692

SHA512
569fc0c34e9a3bee9f245ed65a11c634b2b343e4728546d923582866bbc9d74a9effda2655ad3ba6c266b36129bd0a37e99dfc5940affa4e80094c6652e2d787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
520a2cd51e0ba7943e8ac449a32bf7d4

SHA1
bd83c2a361b256f62a1179a0f69e06263f90abb9

SHA256
8d1558b39af501851f52386f7e93b8b1c2225a6643ac4d832be7a70bfdc434c0

SHA512
b0405380721b648c1e15ba84e65cb2249c268b6d51a462b60f08c0b299b647b87fc1efb9d69cff6100dbeb8b1de56d18a5465804f131fdcc9882782795499268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bb8544b78a427641d5223edf5cbb78af

SHA1
0b4ae7ab5c5bc353e4bec0d1bf558394e37367f0

SHA256
086a85af4094feef485b6d1e078132b05d9a856440aacefbc360ef338cfdb9ba

SHA512
302c0a03582ce3726a0e06b8ffad8cf4e78b7263f517a24bdfdb36bad32c781c17893551ae507e5ce872cb537a5a636a30da0d4338bc877903f030d6a4b4a173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
7c6ad25798d7e57a4db1e293248ae537

SHA1
76f8ee0a2de229570a756216116ca7e86a17f11a

SHA256
826adab69d74f27657afdab20b2d1996b9d70cd84edd665adf8d09b405f2a2c3

SHA512
e07e248875ad54a43ad50c486ef35167caea3ca4c2eff88c9950b225545635c6ec834c120dc3d52eed9a0ce22f998bdde29491b53472aee87e7ad29bd18c9c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
145b753ccca2211218073a8e80b6446c

SHA1
99d62e6dd6d799864b8e8d2a5a33c469178031eb

SHA256
ed4b2a12570acdceaea76e6bb0d20fe333cf2e17758adc88448c9bb817cfefcf

SHA512
31c36b6ed019b05ab96e75782b6e05d70bf7e90866f27d30f365ddeb53fe8f44a5c2dde1a8b1569d9a65d56b9cb16fd314ec28388513898f1d4a7326a45d1edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3506045275d3e383bd290f904220d3e3

SHA1
88323ba405def5b9da4067f99b52b936a8a380af

SHA256
d4fa4d46db9b9e3e6e8a1073345dc97b8d73f3d51168b403ef466c07223f9943

SHA512
c1f338ddf37f21b3b25d66bb33b8f7a596b85bc6392333bfd7278215cb7f93351354b1c5eb416bba9c31c3b6afefd9e00288a06db8bcdc1de8783c9142a0ee6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
5243f9194088fd3ada9abeebc48758eb

SHA1
aa51b647b7cfcb587708b2434bab428db76d6704

SHA256
0215bce1079e0594998b01c0aaac0bbdab77b4227fc55364a0f3a308d56101e8

SHA512
2cb6e1826921438d60e29cdf8e43bdddd68372c58526ba30d399df20058c0e45310f74d9ad395ddd018900ece5cac70a69724f9114662db850d7725edac18b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5491e7e05afc655ed636bb6e7dfdac8

SHA1
808582f75d7da4d5fd22b8f736a97ea6bd9f6976

SHA256
12c7abeb58fef7fbfa9f2a508f52aba566fb9b80763679b4246395446ca4a02f

SHA512
f9413449de345a1b84dd6a35105b099b95fd801a3c46b572d1c6db7e0ddd09a79318cb84cd7b29355a7210c2c487487ef7a6ad86f5952e1f931680eaddc1b30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
54e00d0fada61b281a4e388720c478e4

SHA1
46bfbfe816251e8303d27380ba290b5fd4747fa2

SHA256
ac14401e0dd82beaf2ae261ddd6a6e73976dae93be94c24a425a334243feca65

SHA512
c7ed3716e37890ce2a3fe748b429f1975252d3000239260bb16cd768f86fa14d8aa1d54439a21d8122301bac6a6606dec82ad329858d22f4d10971e7d21eb11c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2fa580e94923dbdba31b25862813361a

SHA1
8e123c6ae34cf71d2ccc79d69856264abf500da2

SHA256
0a56aef47a37be9187c9db57983c46961649612a103915d3f3a4c8b5c1c7a9a8

SHA512
09e5d1686d9f285d7b4920a04027ae5533e7e12093936c67772bb65ef66a47f188d97ce80ed3f4c389bfbad50393ba3d34ad531e94aaa2161b1b44087ce3ffd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3cb33ebe536b5ae1770ca6f6089cf178

SHA1
0622e0993c8d3d2f2e3299a79f1448585e834bf9

SHA256
93a97e0831216c07e4b3d3c7be68206e2c6955af484336426ab01e05b8edb982

SHA512
639e7b9279013fce5d94aaf27817b7a5ba8946f9fe70bd764c38288fbf866d7f420feb69e59c43c5e920ad385842f614a280f7322ef06489507c06c061d41073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b13acd405a858a420cd958bbfcba5c4

SHA1
95a13015a4399ff0922501349ae17405fa2eb45c

SHA256
09ee86b57644b68c57cdcbb9f692c79d0a54ba446132afe9f2307988aeb9fe25

SHA512
c03a496c4a0f27b7edb3e8759ec9d94b9e328ea87ec92454d14d94f9a699623187aa666c121af96349b24925ebaacfd1c6faa4519519e776734459926c119d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1883bad31aa9eec5857c3b1f93d35ed2

SHA1
351973978bd2789c9353d724da108a396ed21ac7

SHA256
ada339f82d9ea4eebb7a64538f0fe6838c91ee031b7580cff655533c53469ec9

SHA512
4983e6975fbdaa040aff87f0ca0b210915090e3a463ea803ba760494198a5fb5710c817c15e54b2fea1e9e0da294cae87fe5af6378de575da097726b5e68abca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44cac4b51b6501b49e6940fd3c6325a3

SHA1
c667eaa758d1062e5fceb6475ac1730031077163

SHA256
0cd811e04eeb291783be70e2df07b0c94fb9d43d6b46936baec02d9e7544ab20

SHA512
fc89e563611ce594785ebe0e23f8fd1a45168447e400c569479948fbedb84a7da7a9b8b166c928284710e78bc975b44c2df3612df272b9db938328be11b0c740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f066328cabf18efb6b25589496419164

SHA1
fa95207b965127aeb2dd106f3dc729a7176a0765

SHA256
037ae2122a0724c25f68318068b6cbb51c17245f679141524dee10760757a9ae

SHA512
0e20d1ff078634968f4db758778ee40ded4d84b8edc5f252599153913bf8eab408df5bcc4bd1f27c8cf17ada2cf4e75ee15c051c21b49f1b9fe2b25a94243018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5c22c322753816106be4afbb6171b20b

SHA1
cc55b92eac7f1df1023d652d1bc844b697c68860

SHA256
3bcd03fc1603dce6cacffbd2c3bed711722c81abf431a9524e786371cf94f3a4

SHA512
bffcbc49b57c064f60064b4ad25db860359112db03fb388f5ab6a24691f4521de330fbc1bbab497289c7fe60a16b543dd1ade7df43c813aa8088897db84a540c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
0a0572db1b9e3b76ddf8ac93b38b23e9

SHA1
f9be6d38a2d5f413243adf05a7d4ef07977b6700

SHA256
b5095fe3298002f09aaf7c10fa42bbb58d45903fc8b80c9f1294ba8b68d6978f

SHA512
8d98716a46414f48c94c0d7530ea5be4d02e49e2b02a4e763bf40d263caa8316a454382f9e84114a183737ee9ec28f459d1a0ac1ece3ac669b5132d074ea9514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2e81edffea72be88e8ff465995ec726f

SHA1
7ca996a1d512c77423cf9e859a972cdfa8f311a9

SHA256
46c153e41a540d9d44a219aeaea6b54d5ba0ea2c6e0df5ddadca72b6763f6708

SHA512
8712a98d142020d19664704ce063fe1e74a6f09c885b55761287b018787917525631502c282abe1ce8f10ee303eaebb8f2a1eb9ce8c80395024fa2f766e1a87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d1e192575f96890ed556ac78e8df16ba

SHA1
3abf63a9aebac9b5e29776774a36936f064f7a49

SHA256
7676ea1e11a0db40f8ccd3029c69e202d75551bf2bc3a99a96e860019a689f8c

SHA512
43ba7c797e7426825ac36db3e3056721ea1fbf0583f4540c6cf955f190bcdbafe480bb2585c0f0a559f7ea7642488e08759e49e87540f3b85c209f42bbde83d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit