hxxps://steam-gift-card50[.]com/gift

Resubmissions

18-03-2024 19:02

240318-xp91sage6w 10

18-03-2024 18:53

240318-xj5twaff55 10

Analysis

max time kernel
458s
max time network
460s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-gift-card50.com/gift

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552625358611069"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4472 chrome.exe
4472 chrome.exe
1792 chrome.exe
1792 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

chrome.exe

pid	process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4472 wrote to memory of 1620	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 1620	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2708	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 3444	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 3444	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe
PID 4472 wrote to memory of 2984	4472	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://steam-gift-card50.com/gift
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff62169758,0x7fff62169768,0x7fff62169778
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:2
2⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:8
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:8
2⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4572 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:8
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3880 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2628 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4744 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5960 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5992 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4924 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6044 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4052 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5656 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5256 --field-trial-handle=1896,i,10687134241462931398,9852215576746753404,131072 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
bc16ebe41a9fc2938c4060992a92b0af

SHA1
1719af3e339b187d984a76437eb80cae5dc50e6f

SHA256
5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae

SHA512
c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
09e864b7633d4e42ffd8c7d255833f2d

SHA1
72ab0fc2f9bbe0b20434a2c0395e0c9730d6f27f

SHA256
76015747f00d0833ff1379367248f915471dcb118b1401ea14c459001c6b7cb3

SHA512
378786ed15c0ad3ac8f23ce467d9c461b5f410b4f1beb35e9f038d1b7576434c6c0569b5e4a3173d1d01b2e2260416133027a193e8739b041273930575faf216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
fd9e661eab7f58765f11f1f46127c86d

SHA1
065ae215758a223cbd8751489c03d688f0c6d1ac

SHA256
e43c691403a42815be3a66ad9174eb99362bb817e49b0004bb458613ff21e904

SHA512
b304118e297654fb7796d182ec5b72e03d994e3ee71e3feb49670ac5b17ef0479149897b00dfe3c6f540cf395f0958a8330799d19094c2797a4729bad840800a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
fb5f1ac55d5d119d3949960efc71adf5

SHA1
39ec682838dce8f40f84ee82d35ef24b241c6bcb

SHA256
e7a2e0fbaf213a42333471c115b3df4941002a7018704a02680bdd02174689ac

SHA512
6512d5d8fe9179d2e65502ff4ba2eff9d4d3dc23ff9a09219989b9b9503ce7ea21f3ca35296762b5539b3ac6d0649d7461cda1c9ca44f14278e8ff4438e93a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
000a23137f4288fbcbaf26b973351fc5

SHA1
fc03d5af82ced134ceaf444f9938ea526118a76c

SHA256
68b326d76ea1c8d4ca995b19529d15163fb4b9a2ae4806fc4da49661e1a43e3a

SHA512
4765d49d5adfa9340da8824267ed2745f17f5ada270088663717a37a2ebb06edb397f5a65882c7cb046855beb3e84d313710ec88751114b925a6dcf6802e64dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
4625719c21a61c95bd6fa03f69bf3867

SHA1
7899f96c8d79977265dc96cf90306f8b4f0b2e4e

SHA256
df0b0a224a2a150c5aa0a5407a999cb54b608bb57693b169fbd9aec9d83c7114

SHA512
7d02b16928bede7cbc33b291854d0c97487dccbb227ee5fd92a130672f5215b29123ea2dc0b94a91c80800be4cbdb3805922006115359754feccc035c6ab6957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
3aa592259d2e384783efd28658814236

SHA1
9fda9e8037b30da4ca1f03ac210b3dc0237a9885

SHA256
53cf8e733358e266553cec430de850295ae04c70ae883b04f29491d4462cb80c

SHA512
1a7fc890d9201aaa994c52d459fd029fdc7f339e76e62a8992f63a2b4054ada087ae934ed5c1cf711111d1732aa8f96d162010f64b32c5d976892d2f3062a63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
48a84f796e5fa22dbc98533a290e3e42

SHA1
6efb82f5736b3ac4865574bd8e9391ffe2d3efb9

SHA256
a00580e833cae853e36d4771f502ce9635c0e07015fca59c7bde5a618c18376b

SHA512
33dfc8381e0afa76188bf5861bae3b9762b1f99b07f3678fd0f0720bba59dcab87d10217c2ce92ed984ca303a3c8dfc5c1c93856db3d7abde4427048f20b8573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
02efff1cdf1a977f16be951ee430b83f

SHA1
a5b04a5752950f44ca657d3662e652cc50ca9c83

SHA256
513148811656dac51bfdaa2c97a3f24641d71d97b2230e850a29f13b1590d5fe

SHA512
bd18702ef4c86818abbf11b9d838c14e7373a7b6147202c8e5001f8fb341344f04457cb08f7309eaa7c464cc71e3a2d8cee375d442578e094194087a057dd263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
65a1ce949f684867ce2c30b51b42bb71

SHA1
a980bfd243390da2e69948486b97dda4f7edd775

SHA256
ec10b2607d15e5d555098bd2481761cb29cced83482bf6ed20be6ca3fdb6b737

SHA512
acf2e60f2c0fe17fc9d1ced4907ab239f66a2aa4df39b8a802e2e426242572474a837d228151f3bdfd3e081b5833bd2b6f9c6611af748aa04815c257a1bbd6ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
bcb19db29af5170d2d668d972bbc83da

SHA1
3632a9a49eba5d0d6bc9650c26ca1b094061ccf9

SHA256
d05bf09ff0a30cbb43d0216cd70a89625701ce3ad9c5ba276c214599d5959a4d

SHA512
97b808f234b63976b4fee32d131e9ed57b93165e7a44f8d7b0c023dce72347370006d0d32d54dd60d1ac18b32890b9dd05eb1356b48c4b674996f43e863dc77a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
ebb118eafa5d59e99bb3c8800f59cb41

SHA1
71ce63c11f790181bb0e9e71898e32aaec687234

SHA256
700de78aecb22738dd2656d19d096e5a7f20c68c4e109ca6c817750c66315ad1

SHA512
8c87785ddb0eab26d1c677198bbfc20227f2af63c163c4f9ecbaf46099a5bae8127a7b8e36a3129de03f86c42218086be935c868f55f7ec76373bebf97a64217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
c00f5614d27e04616473805c6add4ae4

SHA1
0149747ad3ccf0eb3db5e18e9d7e96d22fba47b3

SHA256
67c3335a3cee937c7fa40696e1444021931a900ea9f31779e81a9aff5fed9720

SHA512
f8ea249178b012726093716dbad0616c73ef0ec20cb47bdeda59354e4ec83027d4a5553df73a84a4e0cb112b4033cff7c11d36efba41f80895ba839163c84f64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
872B

MD5
b20e88a8b9bc9cc38532142d99e6abbf

SHA1
9a3b21cbcf004db20f94d6a57704b711bb4851f7

SHA256
48fd788a12d97bf36a5a1318573bdf4befa03f7eb2002b294c2f6d97139b08e0

SHA512
9962e0ce53e1bfff32c3a5263a05920721ab5a888cce4d9f2032b1093b2aec0515c0ecb75a5e8970d37e292a34313e86830217082e20badbc79deb37cb1f1bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ecc1bd3ca15f0a5b5f839c0091f4480a

SHA1
9d7896b01c2bce0e9577119a123d7b1a2794fdd4

SHA256
7e19e6a42e0df637998d17eae6fcd288d9a7adee3a78f51b21e12963ecc5ec56

SHA512
b0e8c9374e3a80fbb9a93d6e70f81306b4db5cd0e480a62d29f9b57a92f4c5eb5a8ee009a8016308425e3f9a2d11413e84915b78719c77e0201ff4b5e8dc83e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
9e18e10f7e50ffd91ae233c4cdb3df53

SHA1
36eec9a38a24d2f9213dd294fb9b455625a650b0

SHA256
5f664f4d4f424ebba4c5dfe25cbcf46e6975515f300856676d8200792d8f7574

SHA512
c957898509ac108eda1209cddd4209be9425195a746ce2ece55bf22c9f6cbc650f19e1ead48cb3b285aa99b10edd07efd9a61da288f0f995d35c4a6716f9718d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4e71650039e8496ea6c150dd503fe20b

SHA1
507e3f28d8fc5f779a1cd07ddae486fdfe91038b

SHA256
e6307677bbacac09b5c95a7e76a08452a7da6b394ccb0bb42d8f1f40b94f31ae

SHA512
dcbff75b8ed6e10a5b375153e7805e256722afba9b93e0a8a9c1d612a96a79512fbbd87e4f89f1129e410029c5d9854edb98a62acea8ee46def19d173dee9e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d4ebfdf429dbf450678310d02b83a323

SHA1
6f6b53d264f507706e5e49d34a1a6eab13248a74

SHA256
1778ef4522714e817492dadc2653c5643dbd95cb746d50253fcde17bc96c2446

SHA512
bd807314daf40e2cd4b3f25eafd7ad56221c7a7504e6ec51fb0018e03e0cf53842c35c0b62ff2a985cbdceb9107921029ec2a9167e7f860d671087724da37dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7e9475204d95d6ab09b10c1b285aaf3e

SHA1
1775f3a4c0fe97410026fa288f9159088d045a79

SHA256
f3cfb4026b6254b7919c60fbb653e68e10dc424bd223c82861b800949cceb914

SHA512
5d8babb64d32b2dfd2057737fa1fb45efe839e40a5abe9e1c76bc1345d5f8e397b7abeadc750bf1c597b6fb497d6ca601dcfe9b00f2a647024bf206ed6909961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f99461b3f65b431b42e8c041a1fbd45e

SHA1
05c864673a1e7c9069aacdaec8df03ab8acaf3f0

SHA256
5554aaf73d875974c7e85989b5aa18dda346fb07e73bdf34bfbd03687a3b1403

SHA512
7a371fbffe287ad3013162d11e7149ec2a12ef6be18d2a0834c4b261ce66c0d678f58fea16cb2d19704e5db71a93597cd68672d9ff4bd24d927b0ace9f575a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a107348714e5f979f5f8e07c75515ef6

SHA1
6f99b9e0053152c71543f3dddd180758a52f8f8c

SHA256
8f493b4a5954d98773d3c04b4e775ade78fba7dc80815ece6e6c0b88e134f298

SHA512
f577f48afe7f85e048bfeccbbc89880529a5fb61913966567d5c893c32cdf86259825b23ba369a2c00d214b6c8ba5d39a16de3d8a55ac62456e597ca9bb36ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0e23cfa4e79d451ac0320cf37d043e1d

SHA1
ef03d8f4e659b38af6132689dd071bc82c8f2552

SHA256
7f19b72e608ede570c2f2914e6a7f256ab06b9f24002a204ebbe8c9658e327a8

SHA512
74fcaa5bda71d7843e649206e88d6098e64c498b722b47bac93bb572ed18eb6404f89d43a4eadc6dfa4c166549342512329a18b74002e8e81c15de829c66498c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9307c714c2824304a02f159c3ddc26a5

SHA1
9acdd1c541d67f874f5b6aa5d7b6aefeaf106a47

SHA256
554b8cb91029628b6c85bcf831759fac624a2176bc11be56c858a951b6f20029

SHA512
272581219e77bd562f7d4401e881ae9e9bb00145cc3f3157cb1acc17a6fc3355851f1d2af6f32d49bfaab2093aa84ef85eb21da427559d15c721a1eb862e6b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
0c0b1d8effeb824698b71e197685736b

SHA1
cc69ab129322eb31f5ae92f48f1fa7250fef6a4b

SHA256
f4d18ee3cf169797e19bc8c27946ca6731deb22d46408f4672082d69ebc46892

SHA512
3d4c27437c45ba58c616f62b35c8d3bb7897e0befa9dc9a1d0711a109ba7326f56528595ced8428302794ec0f965e8b177083e9b92f8020540ce58ee44d3fc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
d66360b04239825e9319348f3934fc25

SHA1
a406f967f31b2cb0fa134d0a58095240ba24d93d

SHA256
0a0a9a2a3d4271b8e3a81424204b44811af16e1c6bef45e50609230ece15ba28

SHA512
a00e2d21640c4a70f6fbe314e73beb3c743e57554a3bc5950d3383cfb34fded88379476b42e0fa1611766ec03d055010ce49f35c5cf63bcbee031737b5041826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
16ce1346433c083fd16e307645c14a76

SHA1
2a3b5fd1fd4747a5a80d856e1ce98a2d083f0d34

SHA256
68508a70c8f0d68428821e4b64e3044f29de6ec8eb40efb99b065c051fac6f58

SHA512
3b22a35225aaa9cbe7c429c5f66cb79af04a0b6c2602b8117bf29d549a83c749e7d33fa0ec779320158e2217fcd6c82a8a9cabc83f960852ff2f2343543c701d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
3b920a9afa3b3dcae2a350c4d4a276ce

SHA1
337084a30e414ea012bef331bba38cd7ce4f532a

SHA256
bc01dc03999a48361eea6e9f76067cd07d3f25e4c0a8134ec2cceedba4dad693

SHA512
71fa4512b20e774cb3fc8f556e4a8f0c9007b754e82e8356bc29d229abd2c73aa35541b55311c56cce2df5de175811f75170efd46df066832a11572093cd6b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
d381f9f773956086d70f46b7304e7f31

SHA1
8c3db12424224626d4f0a7e15d191899cbbf819e

SHA256
cb07efcaf174fbfa6f16ceae59b7dcc923712938b49222bb7cd4cb55934ba73b

SHA512
1a71bfa15b51dad7f0654810655e648bef87f9c4799678f4ac701a52ddc1e650ae292741df8bdc828b14ad1be6acdfff463edde73f7626408e8ad6932846c756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4472_CSZOQVQMYDUYCAIR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit