hxxps://steam-gift-card50[.]com/gift

Resubmissions

18-03-2024 19:02

240318-xp91sage6w 10

18-03-2024 18:53

240318-xj5twaff55 10

Analysis

max time kernel
210s
max time network
218s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-gift-card50.com/gift

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552616748770363"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

224 chrome.exe
224 chrome.exe
1956 chrome.exe
1956 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exe

pid	process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 224 wrote to memory of 376	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 376	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 3204	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2300	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2300	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2232	224	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steam-gift-card50.com/gift
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc6ec9758,0x7ffbc6ec9768,0x7ffbc6ec9778
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4860 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5176 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5020 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1600 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6120 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4760 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6084 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5056 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6064 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4584 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2364 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5524 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4768 --field-trial-handle=1916,i,1303758659687464747,11732178612452086937,131072 /prefetch:1
  2⤵
  PID:4144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=2240,i,16875000905773190493,11379096115878622792,262144 --variations-seed-version /prefetch:8
1⤵
PID:5988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
17KB

MD5
1600c30d5869405bb66399676f6c4c25

SHA1
59cfc97757b1e8b12c6452cd20629d33767bd2e8

SHA256
336a5651d83b61b5d83fabf3b5a187a8cb29f76288120c54ee87664f0d719537

SHA512
6aa0c06e6353fe63d869524951eb1dee15d76566c739696fb5ff9c3789d94efe1de8bb478da34c45866dbd543b989d4b5fc3a21fcf21acea9860b5a9220fe1b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
27KB

MD5
353828eeaa73fb34998817ccd8fd9135

SHA1
058eae9cb7bc7939af5abb933c1521ee399340c1

SHA256
a329f468f80f8685bdbd323c02317a1985c6b176192d587d104b07e4404ba56d

SHA512
b05cbc3bada00c2b779285dd643a5fa0285e8844d6601cea23ad3500d8fabee2fc6c028f985b0f494e046e3363eaae857fda6ffad39d5ed7c696f9d986efb64e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
36KB

MD5
47d88f0e30322831ac51429e321af624

SHA1
0a3a50ae8c9d61a6d96b872f91b4694187be0bcb

SHA256
ff066f3e1ab3028b7bf326825772da1a50d4c9bfe92ec0abcb52f17ed996482c

SHA512
416fa132223c396c6ec4ba581383ff0859ee02a7e73acca4836df0e8154600cc9cfa4249832d0370fc7c45232e0114994e7da36d094cd459a6f3c77be539cece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
32KB

MD5
d6b1527f6419bd2e74ec2d71604d84d2

SHA1
95ff30102baa2a70f9259e21179d48f0c7ec951b

SHA256
37aca6764d5bf1fc67ec762f42c6e2195b2fcb6e7f80f654e74543e437344aa2

SHA512
288ea5fca3566edf29300b207467cfe12808ea596f6c1f4c91d1ff3c8967a956d6517e2afdd6032f58a60268f3aa3108cdc468984cffbea0ac9356fa324a4ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
40KB

MD5
10e6ebfaaab9a6eaef1ecacb5a914ca8

SHA1
2ac7e507bd282c04a458013d2052128f7b2c95bc

SHA256
320b50e845b749ca84d5897c0bcf5de7d401d3a4bc93ea44eaab32957705b8ce

SHA512
da1db32ad1571ecd339e5b3dc3ec398237f91fe07d8c62da055f3a2be6a4bbb7cf5c58a62350df6bd3534bdf5855b4c1e79ef1a6170a59fef17e90481f86f54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
46KB

MD5
f6e7d5b4510c17c5d0058747b3679bfa

SHA1
12a91cb86304f2f45ac3478176fc0c13e2cf9c95

SHA256
5cce5ba7dcb04fa3365ef12ce3722b5fab4afe136569f2f08d6bbbb90e47e895

SHA512
e7146268abffd9c9042fe8e70e3f51b10522493f3cd9fd336d0e4809fda4ade11474752120cd515242e6e27c2a07c06955b307651834819c632c9ed1e123573d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
58KB

MD5
27053439cf10d54aaaa59c9eecb0aed4

SHA1
7d0f3ff0ca46851c1d003f04071e5a2a968fe69b

SHA256
7c5fa1d2c2f8e00c3c0e915dd707dc49b9d006ceebb1b56990761c03e61dcaca

SHA512
715e934a5a9e9502c5949ca387f819c2fa826cc51182fb819dc3e17cfae5a2ca5b6b338ed55ee1a3745025142c19a35eccafde6d661f467c11c5a7644f23081d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
bb995a1a86d09b54aa46fdb4fc211f92

SHA1
0537800a0c71bd45ef29eee76ef929fbb995fdae

SHA256
0eda43ef1d3af4db2d25ba4a280f4c248fac4bc5649a51c9a6998a94dbd4fde9

SHA512
857ef8a086e1eb32328868b9747c7cbf3f93015b3888f3c7f85e74c6ff070d0fbd141c55d9a063cc57f4617d16c25093d285917a597c91238851f98fee2e6bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
145ff5b94b6309202b8d01949e8c2d89

SHA1
6cb896ee20bef46e45fb5f0993a9ee4e431619ed

SHA256
f4a9638b6b727bdb62883c8e301831b6dc2ff978f754d1f2c2dc85a43e2a03ad

SHA512
9125a1488b4cdfea50c0c7bead40841408f57ea2ebd0231f43b982927509028c52cb62c4b56f27af1041f97c16c827f84f6f0ba79b25076d234f55acabb7b568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb019594f716094508dba6355f09545c

SHA1
dd12a2d29f97bfc5bc307928ba7a7d532464490e

SHA256
d81650df8d31c3c77dccb93c66c04f68dabda227ceefe333dc698abd34a32aba

SHA512
e0c3098619573bb4123031057598e4283fbac52cbdd01fccd5880b00426675b4f6ca93728fb8e455d64893281fb78f201e25c02d0a062e9207429c624f05e4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7ae11bbf76050e3ae8c3939889fde806

SHA1
1b0a96052d428f96c72e1b27312b13e2c42ac1aa

SHA256
da190c87cb740f0cb5d8c596cf3f0b08ceebe994ab2283b961688bf7f071aa8e

SHA512
ddba0fe7296beb6a0aad39b25f1e82a6a0cd0a68deb023a41cb2c064f7af3b314ac84c5037cb9ff8fb596ec919394ad148b5b2812cd03c575aa63486cb787819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d6443fa9733916b70777570fd6b428f7

SHA1
f728fbbd0194b98141f7e97f503cff8082d315aa

SHA256
e26b5108b07111dbb2115219c5a1a156a73be9f1cf6cbaf828408566c9c4ead6

SHA512
d8753167ec1df4ae364edb51829ab8d679546c2c391fff4c5ad24db22897dfedb3109bebf0588104a9cdf46d0311bbd6bc9cefccd127e5611f255654722eaf35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8a67fcb42b36838d99f8859b3f40f406

SHA1
aa03a6e7fbd0b2c1baa65541cbfcc7649bf4e432

SHA256
9231c3287b77b007d2da393759819d1c2c57a318ea03b20956e6cb74362df770

SHA512
125ee08b63489c0ce2cc3778412dd442cf3737168639d561af2f1b0c618cd66c8b8d1bc6bfdf1ae0dce1ccbd152ad0397dbca2a7b2204c46679330305347d765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
39a6d5143a1da04ff006e216ee55e637

SHA1
516492fd90ed1062284cfafc47e0f2ff00b679bf

SHA256
998f16be09be6b5fe77ffc351f3dc64ef0fce8f688f951d79eb34235a308faae

SHA512
dceba25141cfbd72a03698666a4c943c29b8fd52bdf1fc703bffeaf170669913ddd55fa553e9605f67f9bdcb814687563d12aa7e8b3cbb0cc7f1b5ed58556132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
868B

MD5
62505caf2ce400aa7fee4e9b10e3b101

SHA1
1c140caab7cf7e2fb20933fde6602649bec6329c

SHA256
e74d0cd5dc574e77e905a71a1f346dfa07c728f9671c6c2fbfc0c2db39af3c61

SHA512
4a2bacc564ec4b6427fdbb6c5144323f0de476885af49bef9840f04cf2f0e9de56ad03adc751ce9cca448fec5d596bf1c512847c30a9b1dc939ba5f9e8257651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
e5ae7869690aecf0f742eb4f884b2c53

SHA1
e28ac607fee8b938d3cf72d77e490ee7257ee562

SHA256
a6311fa7434190b98317888bd5431a7b741501aadd55f2bb9c01c632ab3965a3

SHA512
f0bb390418692cb9ebe22a4c29678f508e90a2c175c2f1d7365e99f277999342c56cfd9a713f6506d291aeec5eeb5cce4c8f2d0339c586387e769687a79fd194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
143fa0ef32eaf2d130667a753c3ec878

SHA1
eab054e39d1c37efcc706bb18af97f666d8c4036

SHA256
6acf3e8ab4e84babfafbf2e7f746fb6f0e9921aab79b82be4c9377f29db0596f

SHA512
8557f5ef5aacf3d191beca4fe094307e14d39ee176830178aa95399ab723ef9e79948065acb6c3fd182fc70c5bee071b283832ad0317d426cf1b0c5c7bc0b52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b17b48e0c04bcd14214c51ef51e04202

SHA1
450e61327c6c4544cb18be963f4189517b78c28b

SHA256
5d3211e71a4065060fba162b29467e1f598a3f93d4b470f55020eeeba1d101da

SHA512
90d9e6d4104b9048f8222dc76c38369800fd7c75b7b1cf11e14a8840d8535d8e0a09e0177004fd14d302a9c67cf881a4ba522e12d1dfa005bfce35ca36480596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
6b52bcca41d04411af0fab43ff3c9e8b

SHA1
deef84eea6979bb8bae8d8037dc0fa824523b129

SHA256
6dfc9ba2d549d4641a5b064b5dfd2257976ec01f847119112cb909dfe0e67354

SHA512
8dc1aa8b768dcab83477548eb6ad9723f5088820527966b2d3dda684a77cfe1f6821ab8e93ac7b9c7e8a19e2d60f01ebd146143bb82709670d6347b3224f2446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
e4030cf36037d9fa3cbea14b8ad737b8

SHA1
ee33aceb6a16374066d6f827cf613d547098279a

SHA256
9e07befd6c500d049199c524dbe76c1709b6087c11f3c822de219c67a288366d

SHA512
69e489a2ce22164627b3dbe4bc73702ee419ae8f8fdf18b1f452816512813492d0be40081075790784c4fb0cc27ec45b10ca7ee61a8812fde2d89897966efbf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f35c8993eb28543398884eb812f47f94

SHA1
f19ba9523f316fffcdb5be2c9a33dd598683678c

SHA256
d97e0f59bf9d0037b2ef4d2b15006481c77181ff8a09b3178deeb71e31451ec6

SHA512
e01c4aa84287311422c41b84456507f35d5a2e84617872447ea4a0493c0c5325a1a4d5c6cd99b460668dba4d5ffdb616a4d06cc815cf844b2eac569e7c40a71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b87d3a6e151efa421646f4f5d7758aa

SHA1
e4d0c2d1114e164eb945eb65b21cff3a692d5aab

SHA256
a8c64c39e1c0c13a46b6d2449242051041b9d16363d7fa1b5dc868dc357d81a8

SHA512
d918d012adc23c5a4c3f438329e6f63430b866b0a1a02641d66cfd26f90a8a28d1a1abf3e117417523fa6168f20b6772534fc2c54a3f20598cd7102b8f9c457b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2a7307b548d181a207e22e27e32717e1

SHA1
16deb9cb9b8816a5586e46ee7977ede53212d885

SHA256
2c81ea8efe00097479c52c710d090934f7ef9f050eb6c40e9ffddd9c93d1a5f5

SHA512
3fa7c1591763ffe480475f46c377cbe152f1e7f6f7296a4ad8fef8355ec7fe3d2ac86f241a5e328555459e697c9f6e995b0441c79230dbfadd76799f4e6024bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abdf38a5eb8f3e5eda21459f5160b10a

SHA1
e5b449318224c67605b7d0be6c6aefa14b6b9919

SHA256
fc4fcd68d13bc60aa8b49adcd9494684cf9474d1372075778b49014b1761f78c

SHA512
4b6067158eda08222d0f906141c412323e398f58ee40a8cd8c7ec9fd7b4951b61a802c8e15244d2d1267ca38b2a73ea5fa4398da5ccd8101d24ad51bc375fb97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e464e7af68d1f66598bfa8e2cb389830

SHA1
48964b51b4c86f9c4988c1c34aaa8328fa8254d5

SHA256
f3fed28606f940c77dca38ae9e252b0b936affbd405702eeab1d1dfe96c9f11a

SHA512
e02121f90be805dec9655ee9d9d6516d3ca3d1f81586ba905cb2679051acc4918d212ccdcf597fabed3a4ac71537343793cffbf12e03d171c8ea0731d5f5877a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
5bf84064c44f32e3dfda9a66b6a4c897

SHA1
6cc6060f95cd06e2700239b5b41181552e4c00e8

SHA256
a10fb01235afd073c9591423fe050d9db408b20b3ffe80bcba1da308202fc2f5

SHA512
ba5e10b4ba2d5f5b81793e1632723a9a7ca5910c90859556cfa97ea4296925e11699c55a0f21f9527d84a969703b205c297883477ad581e7509c2d2bf0a814c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
912403d02c4dc5d0b9efb0a49f43d5e8

SHA1
16638479028d583b3f451d55a719b89c15cc27e7

SHA256
06043c0e6ae4b5ef225721c386cb9061123e1d7f4faf26a3b5fb920263d1c132

SHA512
8a663bbeae42056a8de73a0c66cee82400efb17c59f18d361137a3a5083fd0aef27f5fa58e0646fa986b3809a9591da9d76cac327240507361e272bd87bda03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
43a4fbbbe25f2eea6a8c88bcad22e7f9

SHA1
c57bbfc066b8daa623aba0d6538cc392a75c87b9

SHA256
4a09c80b6078b3b7b40073209a5873a45933596e6738258ca14eef8a4c3a0bc4

SHA512
11d2520b67624fc6ef685a08288601ee9b167d56c340ae4ba04cd3680a1063adfb0beeb731f845aa5273e932509dab94c60139edd810593b1db0c0ad3ec58980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
8c291df5153a214f5ea52693cc9a84d1

SHA1
d20173f960c43cfd5a689775508fad4bd66faafd

SHA256
fe126451195a6fc80a1de8c03898a1c20861d6276b7323a66c83c9187e0f0615

SHA512
cfd10cc09b7b52bb4010959c8f450ea46edd4cf617a9635159c7416ce260e7502fe4bbdf2fc2ded7a6df1173f157ee618997d0569bc4a31c7589ac0d4b29b1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_224_QSKDSVKUPGPQNYFF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit