hxxps://www[.]ghanaweb[.]com

Analysis

max time kernel
91s
max time network
93s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/05/2024, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ghanaweb.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 2632	5088	chrome.exe	73
PID 5088 wrote to memory of 2632	5088	chrome.exe	73
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 2104	5088	chrome.exe	75
PID 5088 wrote to memory of 916	5088	chrome.exe	76
PID 5088 wrote to memory of 916	5088	chrome.exe	76
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77
PID 5088 wrote to memory of 4716	5088	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.ghanaweb.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x90,0xd8,0x7ffa02be9758,0x7ffa02be9768,0x7ffa02be9778
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2384 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4692 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5208 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5336 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5364 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5404 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5424 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5452 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6116 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6208 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=796 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5288 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5280 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6808 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6836 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7132 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=8396 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8536 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8560 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8860 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8872 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7316 --field-trial-handle=1772,i,853455161068771283,8194162638564840752,131072 /prefetch:1
  2⤵
  PID:5820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
80d3bd95b8bf7180300caa52c96d8c00

SHA1
c88a3efbd0d10c81c64750b1b19882f43bd6b0b2

SHA256
bb39b8f281c3159517764365528cbe0ec90289d15dac104ad6f22c9ffae4794a

SHA512
d7503ae583185b72865060bdbb58461754bb3110c061bc10a7fb3de7ccddd827119a305db9ecd6e04aef030e10790020606a7a87c8824510dc080f7007f1b80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
f2972160764780ccfec4d5118a9f2827

SHA1
c1a9a1df0e88c3d8692bbd3122572f792ec14a71

SHA256
45b37e45c9f746f4b46b4be06d727e7f213b6ec673e8e525ddd463feb4b4d82e

SHA512
d366efed9c69f01351cf8230c10f86d2b01e3f82967be73fb1c722b6411f1c1e6b92b35aff3b39d194be656b38f4147cd9e413a55c530a275bc72bc414731ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1023B

MD5
f631d55fd98f1841df5c05f6259e89ea

SHA1
e98a4d488f83328f4a368e4644b7a7e94822dddc

SHA256
8c7bac00ea72659e856334a14bdfb03f8e9dc0df8ca233ab0c971a2f006be18b

SHA512
3084ddfce33631b1565ed4295039f68f6d491c27fb5f457270ce05ca3ca5607095cc33965b178f8d5a04c030a841e898df4f0642856c7f626659df7227a71e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fc690a93c276121b2d423e4fd7a594b2

SHA1
2e0d42808c203282da0a508e597bd8ccef46598b

SHA256
5fcdbbcf52ec6c4af05a6e79a45d55c8b4d39c1f41e61614c0450447a89aaa7c

SHA512
cdd526096f7481f84ea367824ba96b417c1b24c78fa1c616270ed7b19ebc346d91a76a3ddd4fe5104749dadae73cba3fec88706b34b7caf43a2060ec908288a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
de16cff7cf3655799938eaf3cec7912b

SHA1
8a1b567f9859f3480073d401158df0d41210c548

SHA256
fcfdc0f68dfbf38549c5f2ddfe357a2ff720903c681353c2b81b0946750f554e

SHA512
f42262f99eb0e3b9da1cf5b12b2d4c8ad7e2acaedb12aeed389d3ea90e2b6dfee58636ed9441ba198d8865f00b970ff746a60c932f9a4540135b137afa5d2a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e174c85178f9d9814db786fe767eb873

SHA1
c80cbd41d33205ccd0e798e898d3798ac0fc0f50

SHA256
1c4e840ae7cdc13c2a1a06ec73d34a0d336538c8de13f8bdca23223420c3ef23

SHA512
50020d3321eff0e1f90ca68765838e25c9bb1d45617b7fba490267a22565b60d96f09bb3769894bf30fa7e2d138b45e362acd12dedf9cf5a5e748b7b0818f6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df77438623cb738c8136799d2d74b2f3

SHA1
c5aa247640113033d31823ca3294b94ca83e2970

SHA256
0afed3d9cc25242e25b525dcd454c383ccefedd0bb5c0bcb736148d2475c4c42

SHA512
c13fefc783cc348749b2a744716c9089c560045afe685cc989bbed90fa579c92f2f5b9967792cbe21e3ba65cbf35b96ce8e4aa6e2e8d3699e44e0b9bfaf5ac02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ecd230953da37c0dab32963509329cf0

SHA1
a74e7cd85b7992a0fd5834d8741d4ed16c7bcbf3

SHA256
0b91f03b01f9d3edb288949269ba754e4dd78b051b13edc7310965d68ef9f600

SHA512
b2ed879c817dbce3c8fddad2aa861150cff09c1693b69b693b2c3ddba5bfcf263374fc7d4351f67bbf637eef9b6edbc9d4317dac08ba0c64b9848554af6efcad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
fdc6d4e87a3c9f42a8a9f9190aa8aa02

SHA1
312a1112ee535c0444e4d38e92bf426a29317e8f

SHA256
9045d526bcd8c8919b7ebd5b9c7389a36ed262393ecc46f9d5de8c7423923f96

SHA512
6d0baa22631fe35a22b0800e246d6790dc21971e059190739b01418a8ebf3da30ec793970e0b55813b8ae667f59c281d14b64adcb839097ad85b24e8466233bc

Download Submit