hxxp://jotform[.]com/app/221314152334139

Analysis

max time kernel
83s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jotform.com/app/221314152334139

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561872194454569"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 3892	4076	chrome.exe	94
PID 4076 wrote to memory of 3892	4076	chrome.exe	94
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 856	4076	chrome.exe	96
PID 4076 wrote to memory of 3844	4076	chrome.exe	97
PID 4076 wrote to memory of 3844	4076	chrome.exe	97
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98
PID 4076 wrote to memory of 3440	4076	chrome.exe	98

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jotform.com/app/221314152334139
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3a4a9758,0x7ffe3a4a9768,0x7ffe3a4a9778
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:2
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4980 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5644 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5760 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5272 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5376 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5216 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5616 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1632 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5928 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2584 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4800 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=876 --field-trial-handle=1896,i,8669136484312417137,15613119956045632513,131072 /prefetch:1
  2⤵
  PID:5592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2148,i,1752153415760610784,11376271161549019716,262144 --variations-seed-version /prefetch:8
1⤵
PID:5572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
98d2fd5055f02264fd54f355b656540b

SHA1
cd164c1e2b7b724b82bbb77b467eec0196c3c669

SHA256
128cfa756babcb0bd283d9771075b572bd9f0238e65b21d271e44dfda609859f

SHA512
6f992b26b13ac4a4b7027be3fc890c992607d9bc81845168baa7326d601899c128b67144168e0ed955758170f01b666c312a7ef693b7781602515a0d95f1b1c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e752985584a5a5f528bd5ad9f863b1ec

SHA1
55f3f7d9c1236296aa8c5221cefcd92eb92af63d

SHA256
9cf7a962f1150cf40fa963879c44c1f82d14de110ab55da9c988df951c22fec3

SHA512
2be9f5869d8c6a1354edcb59c30cb1301ed25445224fd89986552045863a999f5fb83b4213d20be93d1857175622bdfe72394a347b391e2b0ba6ac8c41b3d7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56ad5a45bed771af2233013b6a7fb2a4

SHA1
57e2a1a954970fafba96c650128847b58f8b3ad6

SHA256
d2f5c5c0bad81aace78dcb0c165972fbb3fb280cc738f403a0508f1a281806dc

SHA512
392125e84229b2a31d02cf723ce5cac173a110630f44282ab5b8e59cf10f3ac9b10750cd95e16db90d488978f319c0446e65a77c300b34131b22449b57bcb40a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
938e9aba109e10d005caeb8a155ad1d3

SHA1
33b0d913d55165500af66c8f55b0cb2fe7dfcdcb

SHA256
739aa9fe5f6e69a2f0d0841c0532e5c825f4e0635399ccc46d1a6805615e1e6b

SHA512
82001e8815d8260cad7dcd95e3818f9a954ac27a8c580d6690c03764ea16f2c778c237bdfdb99caf99493a1e85f92a1814497722c2ce192fe19ae6839e4d69a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8fb2d90e385331fbea287d5e64e14c69

SHA1
394d596b3a68a3abe2546914a14982489479bf35

SHA256
a9ef8fc7fd8aadb167a30b8f9bf5071521fee40a3eaa45e8dd3e88276f8669d1

SHA512
32c76bbbd818a5599562707aa6554a1559077ad4b1498ccb00dcd2ba4cfd234e00e305a7c23c43f2bec06fa30551c83f8b667a6256d01a4df4e9ee15a016a05d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2c20be506275b797732b4c4f7c379fa39b66b35d\index.txt

Filesize
114B

MD5
6150667145c1d15923ab457c565a1925

SHA1
7358189a74f52674fcc496a4d5627896c4c97c08

SHA256
0f2cc517581492357eefca87941d233fba5300a89a409b34f398449a7d6da072

SHA512
1d4ee5351248e87464d014b2ce5160983b9b8db81e7fd84545040d891071690873af46e351b3bf3c9a6e2886db4d9c88c725d41854ac546be59878ab82359165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\2c20be506275b797732b4c4f7c379fa39b66b35d\index.txt~RFe57e407.TMP

Filesize
121B

MD5
afa17dda12cab1fb5f2eb1667baa6d35

SHA1
eec033574d4861dbcbe2c941114b96033e6171f7

SHA256
e7d80b3cbac176b11e0ffc3231718e135c419435fff463555ff468a4f8d92fd4

SHA512
0d30e02fcbabd94958c8e094a5244864f86d8bddd140c58686ae26e5605106a3b14ff582abb490a144e060733322ae0d04361a84bb4a89fb96ff1deffba43041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2007a9cda03ad76101c371029e560723

SHA1
861fead4ac95e9f6df40866681e35e590b276afa

SHA256
667f98852a910404a8fdb1f7d9a31d5f17c9a044018e56a7d36e428951ab03c0

SHA512
e6eac50f31a508c5c63f03eaaaba5fde9fc737188c495ac9573f5db87818f8e44acff4b9dae3e65eeb6bbb353178aaaebab98df98afc7832bceacb739402c965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e280.TMP

Filesize
48B

MD5
d6a7e659d40c1ed5f53af3e8c64a77f0

SHA1
b46d71381d26bcbfe6bbc5b6c06d98b8f516db27

SHA256
55e4ae63e87a1ba6b14e64503b1a46da985efb735372b2e1e3c1906b5967d755

SHA512
f7d2d5bf9c4fdc7f7a89b263730310106bbf13dd7636f34c5673eac3acd29fcfb1df37eca9a71cf353b3088745647dcc59d31545f227960eb72d72aed1c4bac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
92c38800be1748eb3edb866a3217e713

SHA1
ad87d7f2a3779590a5424cb3e88123e45cd7ab11

SHA256
0c76bf043e05b945bfdae2b379d5370148b802a434c5b77f12caa98d50076205

SHA512
14492ef17ffff8f3ca6787f3dde807715608032d58be76dd3d20c371421af0ccb31d84220fb4ef50bf259a1a5a7940086bd02dbb3522a4bb62b21c1e749ff16c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
21b4deb74e42b77e078da06e717776e9

SHA1
1f71f6856f82d00596bf885901b45c98e1cb752a

SHA256
24c0076f8f7bceb04b244ff6a3dbf396902e9807bd7911bb77ef52bd34ed8695

SHA512
da00fde8bbe802fe63480e2353554b468bf6ec2bd53f193d7982f0bdd74b487cebb63fb48b4d6693bbe25e6d0fb41a9952eb0d4b8f95a65c5d50ef9f3d34220f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
13f6080accc682c6193e4ef906df18cf

SHA1
4700cf97fb1c6737c993713717ce7ef5a5e59f17

SHA256
b354519d2c6bb539671e19f263a2159af010e88307ae1b03ad2736a7f086cdcb

SHA512
d1e9012ff3f7dd8ce71e5ab8516a37d8f2386b45188bea6791380077c3fa5e482dd899c6526af13f062d775559d33969b6fecc4cbc6a12fdda2ceff6f8ce40c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e2c56fad6ddff5e0a79ef19e55e310ee

SHA1
c31b3c059fac4f55ddb76520ad67cd8495e82d10

SHA256
15562d65c8c95b8892576822de9fdd435985b8635dcbdeb759e400e64a3fb8c6

SHA512
be339b1d2218b611fd7e1f84598fe1254ef262e30e7ed8abbb3657c740251598b2bb68475226d6aef71e70b80a20473a52e796a9bfbb5fa9e9c813667986963f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
9a029d3d386e10d7a5abe435d7e57ed5

SHA1
b0749a9ab49f2187ed4518a408e51443cc455bb0

SHA256
3ab4f758375a7aab437b22b1d22e88da1f8e7cae7189e2c3305a79b13e1ccd29

SHA512
893c21f609a58ea965a13cc46ad7f85beee4e62a750531a6e821aaab0bd9a0e8ef95bc8870e5748592e856b0adf6bc6acc9dc50a7b6669e22c9f0d278c6d38e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
cbbaa7af6f613a7d19cc323c1ea9f8a6

SHA1
3405ba062a872ceb73550ff463a73b4916aa2e77

SHA256
78a7357a0e91b523a3163c7da190579c16c76a9861ec77ec456941be52be2413

SHA512
d1071759978ffe4a016080bfdcbefc212b070e123569266956d0567353811a4ca881dcb2345c1c9b5f273f1e13d8ffd766a5e1366f556cbfdbd3b8c358049012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
7fac0c2500af0751b640f92daaf29601

SHA1
fdcd2c51a251adca7399d1081f2f5db777f6cd09

SHA256
a07e4b17e9e315bf55d7d478b32e97ab23828c5f5ba2f13ca586b754b8c8f525

SHA512
57c50e4d049d67fdc89244b188462d2b9978703a0df7c12202fc1b482d4feccec60662248c7e6d0bcf65cf29f31915bc3efe415390e8c79886f48b6db6c31c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581a49.TMP

Filesize
101KB

MD5
3de174294148068905e3763fa2d49eb3

SHA1
a55bcc87d5eb10eba80907b4e5e74fd2fbf28e33

SHA256
61a2e2951e253cb4fc08459f294dc9a79e38c17f78729414bd4bafde07486c37

SHA512
fbea795b214fa8cb49dae5657439d2ba0a77073d6e56d378987374736d3aaade81b8bf064ee530a104020c196c76529752201882c008ac04c3fc6a12c75d00d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
d1bbfc1ce822ed19017d2bd151eee985

SHA1
8085ec82a4b4dd6194ac96032f76d61b087e056a

SHA256
6c0e0ce50494198921e854699c57eb1338eef997ddd4506a3fa3476a6b153c56

SHA512
5533f914a62e8e54c07b8900d7c0f76edbeb8deb61100912fd50438247a4b5bcc2a133d77b2a47d32e7150b15897acb61d3b7b89f6a6d96198a03b893e4d74b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
1660f36bfc30143cea1c1e3d9284ca23

SHA1
cd672bd68cc7996aff3cbb20f67143de5c401428

SHA256
82b5c8368948dea30efa0bcb101e64f04d76f3777d9421d22efc3dde8af65998

SHA512
5d82ba86a26a324d978f6f14be61e6a3da9a4c0822228c641919623335f3a771317589f339c63a7820f038e2b153edaf11bd81bf021c26ad37a66ab324c9116a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
d4f699abee2f6082f40c8cee8bdbde1c

SHA1
94fff0c2432c6d089fe3bd4cba810b36d51648f3

SHA256
1b9956cf3bec1729abbecd67e16b7bdc7dbd764314ec465e83a5aedeb0e35381

SHA512
1550ad2e5de808de87eeec96a47a607ca4a6928ea6f46d1c4edb9ef4253a6a1537c973731733fd759d072234b21e7fa9855ca389b1b2aa78fab92d3040a0a883

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
cfdaaa9985a6d55f5f7fb7bfef97c2cc

SHA1
90f55953e5419f048924ba522a8714b88df7e2ea

SHA256
09cedff0aae17a3e0944ca3ea79df34f090e48d638db350d08acd4e4a3088246

SHA512
d0386f99b1b37e95b9b3bbbb16f1b0bab949759bfaf0d77605e1b5db2ad1f8785874ba41426f9e850666ada6006820020c0f50ed6f5b40fa1bb636f9cf571b7e

Download Submit