Malware Analysis Report

2025-01-19 00:31

Sample ID 240506-tkk93scf68
Target https://pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev/www.outlook.office365.cozct_esource_t_esource_0848932-100rce_0cpa0002-0000-0ff1-.html
Tags
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev/www.outlook.office365.cozct_esource_t_esource_0848932-100rce_0cpa0002-0000-0ff1-.html was found to be: Likely benign.

Malicious Activity Summary


Drops file in System32 directory

Drops file in Windows directory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-06 16:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 16:06

Reported

2024-05-06 16:09

Platform

win11-20240419-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev/www.outlook.office365.cozct_esource_t_esource_0848932-100rce_0cpa0002-0000-0ff1-.html

Signatures

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133594852346083671" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3632 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 2872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 2872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3632 wrote to memory of 1896 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev/www.outlook.office365.cozct_esource_t_esource_0848932-100rce_0cpa0002-0000-0ff1-.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc2c3cc40,0x7ffbc2c3cc4c,0x7ffbc2c3cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1796 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4480,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4540 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3472,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4444,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3168,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4604,i,10544665217710656749,5494769203001870701,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev udp
US 104.18.3.35:443 pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
NL 91.92.248.235:443 aashhcdec.xyz tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 151.101.194.137:443 code.jquery.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
NL 91.92.248.235:443 aashhcdec.xyz tcp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 lens.google.com tcp
US 104.18.3.35:443 pub-fc61daefbed942ec8e3e08ef1ac790ea.r2.dev tcp
NL 91.92.248.235:443 aashhcdec.xyz tcp
NL 91.92.248.235:443 aashhcdec.xyz tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
NL 91.92.248.235:443 aashhcdec.xyz tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp

Files

\??\pipe\crashpad_3632_MPNHOPLJQIARUCRM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 7fee3c01d3aa62d676f2bece8e6bd6f8
SHA1 0e6f4c75f11db90613a45f512cb8c25eff674738
SHA256 419904aab3333e9be294eb93ee7177ae935bc653bb32cb878b6e766ad8055852
SHA512 19f4dfe85d387e9eb2b7f5d46b0bb7eb6ceecad1b534abfed335132368025695e135ab81614af6f4c5b0f18b9fed54f519f0e7b28b2c49de4d7543a773c09f22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bf5a3a8e-7591-4ff0-abca-4af0d56fdbb9.tmp

MD5 14ca7fbcc0064482111c1532dc5e35e5
SHA1 269190ca908d99640b10decb4c7c1da5015f9887
SHA256 5c544e0bb92f2ced3107738322516b0fd433b22bfa34d440c1bf925ad9efe2ea
SHA512 deca4865ce3e8ae86d693467743a899b792f5a0eba9f1f3ef766c3938749b6b811a0d88beb9654245d69da74e7c7b3017c3a760b17c456e02fe137d4a58dd2e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 787ce81d153fbd81bd697640248d13b6
SHA1 57164941822f22c0971d9b0c4e481732f4f9bc21
SHA256 8a95c1679302e86ce734d50d8dc187a51d2dad807c4fdbd3d4183b440067cc56
SHA512 34d3128ceca99b83e696081c18ce66f3f2655b670359b800cfd02af0a11088d13c72a30000d4a3dea86346adaf4a2ba8ed412f9dd0f90a0ecf07147e6436f8e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dfcecbaad0aef5a94384e554018c339d
SHA1 260b2f1f393f13d819215c1a39c33814a1cb1f19
SHA256 a28636168dd6425b37fb2170add197da0d26bd60922ee333f912e39843348d36
SHA512 3410ed1f968fb65b8e80913b6d6666117176adecf4dc2bf5b7f0f13bb642b67cc087639c77ec5950332046844b41e08fa6fad4b941a9cd4e49ce0a0f8065dfdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 38cf6573aa8441ef0d4d5c9a9884973c
SHA1 645ed4a199a42c6e23dfccb8ee7246657641c7e8
SHA256 61f28e136c957cb6be4b4f0261fc0fb3241101b57ee84da9160a3fb5c9695b50
SHA512 1d9978c752ce5e3f30cdaacbd14079594c04eae6722567affe7637201d0a11155edbf446d9501d5547b98e45c9d71f272d009c51a4634cf841016d7adc331cae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c9078cff9ec58be450e1ca124f8514d9
SHA1 37a8ff38be3c3bb9c610b82c38389fcf3a928922
SHA256 327774a6d9e7752a9c64dd107fdb42c62a438e41635916879680b519a875eb89
SHA512 0bf28237706bc5aae64b4011d7d52ac9a8848b88ae3f196c93045526b7e57a8821d85e129eb6abf02c040430794c7454be5e76b1c8b617642dd34fbab8fcdd4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 11712b286181b39d0fc09c7cbceb4a7a
SHA1 a71a3ab19b6dca06c55be2de57846a0703e00f80
SHA256 715fdf648f570b00f0f5c7e5da28216cfc7a0f14f5eb5702c9f01542559e0885
SHA512 313f7154f9a8432dc622d68651c3b067a670e98f15102280f42fe4ab61d43a2369a41362c6466b44d1ae932d315a5f2608d7a6d1e5e522cbd9eae1383f057343

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 95095f2b81f6349bcd2915b04d3220f7
SHA1 8d08746d2c6c2537acd3e0f53772f94dd8fc7388
SHA256 13ac224c96716fe1f9b422767473812742307b6d005e632ae0cea3de18b77f12
SHA512 cafb1d859e045a5c346b3512a9016bce285d322cfeac7d6531d3f7b5fa0673bf5675fc0cff30f5253aa397fae18bd5417807590cdd0faf8290ce123a1076ec8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7bd12a0e2bd8bc235949042acdb7a850
SHA1 3d65936d19d7b452220ecc8b80d5cd7754596e46
SHA256 d886b8f989dea9d01e99e9b9fb9e5a7c7523be215d871fdb834aaaefde954b02
SHA512 ba1c065c6a88cf098713c30298157a5840091ed9424e47ae3eeb1c137af2d859aff0e275a0cddcca46c4c1904b434cc5a60fdb2428f1a2ffed8cd67660daa38a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 20613371cc4b8bdff5c9a661f785cd1a
SHA1 b84dab20e74c894e6efb0958e7c8211394734326
SHA256 a61151eb3886846634fa9c7d561f01fd23ea578f639fee962476813d1004d6e9
SHA512 d478d5fec0960418c652ad3cc11f7c7c0a07cb6564be15680ca7e813ce6ffef36e555d1066bfe06677a91742b2cff11cd820f5d00045cf9c62489b5e36610cc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 962fb40e2fcbfcb0c990772b0dbc9bcb
SHA1 10ce1214a09ef8ca00406fd5421c60cd621c7ed2
SHA256 3b727729e18319d5721e12ccdb5d4eabe0aebca0171aec8d24cc66443194f339
SHA512 82dbee915239e008531d40c5c33bb9425120126bb32df8dd8078046006431ca657c20edee579d72cd49e11230456fde8c34b77d3ddfe13e4cad8c3ce032f8c0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e74d9cda047a5017b6eba8f96bc0fb1
SHA1 802faeb128f85aae1d47e663fbf25ceb13a2bbca
SHA256 bb4a6828d6124cf2c88206b29b02f35c5ed417d501e8da11a0aa28464d776676
SHA512 070a1d1701623d05d254f163dff7acfdf0dcb50fb600ead1c9aa8115c3bc52a2f713f3c06e55aad19fb4226b12e063b9b9a5e96c4e795a262408aa06d59331f5

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5dc535944832f4955a92b78a9c301d51
SHA1 99c23bab60ecaf986ce7bc02d0048b8252cfe736
SHA256 82304e2e8f628fa477e61a27d327b6370a3b20691c1a06bfee28c0d4be7b7c89
SHA512 decfca8f39ed9b780756e1d2a76fb4f42859f2c92d3cfb30232acaadb0bfe6c4e910d55b357f493fb360c2d2e97abde9b5b2d5f1ad455991bc9a2fed3bf3db5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5cd9b4b64a980f83dad9345cd01ca7a8
SHA1 d112029a5bf16f75b66819ae199ca5bee29bd3ed
SHA256 9ed1b69f0e6160678c3714ebe6ef58fb035f4f3f462327aea64c7b0f09ca1b0c
SHA512 be4c75edbff70557b2503b6cc0bbaddf2bfa3cb8aba94c9c4a774f3a9e520915966cb81a3e2291caaea2b8b9fc40bf0dbe42023373120cb2483ae18d7639231e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8254daefe0b49b8ca315c11afd866759
SHA1 92cadd1b5f4b74442a05ac7c6ecaf106a447df1b
SHA256 e6f391ba4d8e052eb4fc17d21a221086a536bc601855ee47ddd14be0d03e9116
SHA512 a343071f8c4c44183f7e13512bf747b9354238cb27d0faf77d56fe686da6da097411fb3b8477a2b59ea0ed84cd2d7747fbc5da7212a6843a946f3524add966e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 75c481734b239240894ebb5eac1ec471
SHA1 a2013220c9470f28c7c853f2552f53934b779daa
SHA256 94329d072606747175d1451e580d7affa25f59b1c2806d65e38ef72b389bf030
SHA512 b22423d5c115718ecae5237122bed87d8e9e557852f352343cb1ae41c521f758c73b9545c10390a4847b5085e13b4d9e0e14b4f0c9220c37661a4552e0985447

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 72bdbc73f5cb8390aec6b55c024d8f26
SHA1 130b620bcdb6852a701fe8686986d10a8f9e1457
SHA256 881ba4cf6178c6833c782868d6dfe46bb47bc43a6350e68ab63ba1f9127ba952
SHA512 957619cf8db829ab0539e8f9c0149f54517ab6991483578b928bda159b3cbee5e2cd5aba70d1b2e51ed12e487aa161429103a8acdef4e8794edb202f467ad597

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ba237f5ed2d559a43c704ad38b759be
SHA1 14d07cf656c4c6e95b93f1aee7f6728925c5db66
SHA256 05e619aace128e3dd35017bb1342e5382f64a0dfcc8454e7f29b6b67fdc8fc29
SHA512 af2169fa28879ff80d939b6fe984efad7a86451741d9e7f179463f60e107634d52e550e45a4aa3015d79c343b8b89245c33f761c930c3cb72951389b80b4df06