Malware Analysis Report

2025-01-17 23:18

Sample ID 240603-p9fcxafc4x
Target http://Received: from PH7PR05MB10566.namprd05.prod.outlook.com (2603:10b6:510:302::5) by PH0PR05MB8366.namprd05.prod.outlook.com with HTTPS; Mon, 3 Jun 2024 09:02:55 +0000 Received: from DM6PR04CA0022.namprd04.prod.outlook.com (2603:10b6:5:334::27) by PH7PR05MB10566.namprd05.prod.outlook.com (2603:10b6:510:302::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7656.8; Mon, 3 Jun 2024 09:02:54 +0000 Received: from CH2PEPF00000141.namprd02.prod.outlook.com (2603:10b6:5:334:cafe::ed) by DM6PR04CA0022.outlook.office365.com (2603:10b6:5:334::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.28 via Frontend Transport; Mon, 3 Jun 2024 09:02:53 +0000 Received: from inpost.tmes.trendmicro.eu (18.185.115.107) by CH2PEPF00000141.mail.protection.outlook.com (10.167.244.74) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7633.15 via Frontend Transport; Mon, 3 Jun 2024 09:02:53 +0000 Received: from 185.187.119.69_.trendmicro.com (unknown [172.21.192.213]) by inpost.tmes.trendmicro.eu (Postfix) with SMTP id 0942910023594 for <[email protected]>; Mon, 3 Jun 2024 09:02:52 +0000 (UTC) Received: from mta119-69.msgfocus.com (unknown [185.187.119.69]) by inpre01.tmes.trendmicro.eu (Trend Micro Email Security) with ESMTPS id 97B9A10001470 for <[email protected]>; Mon, 3 Jun 2024 09:00:25 +0000 (UTC) Authentication-Results: spf=pass (sender IP is 185.187.119.69) smtp.mailfrom=learn.inpd.co.uk; dkim=pass (signature was verified) header.d=msgfocus.com;dkim=pass (signature was verified) header.d=inpdtraining.co.uk;dmarc=pass action=none header.from=inpdtraining.co.uk;compauth=pass reason=100 Received-Spf: Pass (protection.outlook.com: domain of learn.inpd.co.uk designates 185.187.119.69 as permitted sender) receiver=protection.outlook.com; client-ip=185.187.119.69; helo=mta119-69.msgfocus.com; pr=C X-Tm-Mail-Received-Time: 1717405225.620000 
X-Tm-Mail-Uuid: f5a5c341-1a2e-4a4a-b7c5-4f5d4525a7be Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=msgf; d=msgfocus.com; h=Subject:Message-ID:Reply-To:To:List-Unsubscribe:From:Date:MIME-Version: Content-Type; bh=Fj7agBQrBmer8d/tUBESJvN7hxbfRC3WlnhzEwU0hm0=; b=ffsrSZjT4mi+nbQ7rYpOucxyavoCuGPAu01682tmzJdLZ88dTs7swTCm5JDaFIlBqYlgUKAsI3Vv A3jJHHW+JXvFY57FExm4H1RzAwk0IOsk8GXsLauu2ZtV97rQ+ngY+QrHyHrqbCM/7fC6cuBnp33Z mhVFIUAqdEK9mjpJ60Y= Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inpdtraining.co.uk; s=msgf; t=1717405225; bh=Fj7agBQrBmer8d/tUBESJvN7hxbfRC3WlnhzEwU0hm0=; h=Subject:Message-ID:Reply-To:To:List-Unsubscribe:From:Date: MIME-Version:Content-Type; b=D4BQAUajMW+9LJ34kxT2BNNu2bNVhyQfRiSXlG/J8xrkZ2Or1OrwcjKqLaKP1gFDM of74KxHaUVHTJpsFxVjMvf4SjkzwEYAmjkQjWvPeLdRzFRlaiU9pBieWu6bfAEudW0 xk46FvxYjDlNj8FWHGvGso9377Z8rnCwo1Sy2C4Y= Subject: =?UTF-8?B?RXhwbG9yaW5nIExlYWRlcnNoaXAgRGV2ZWxvcG1lbnQgT3Bwb3J0?= =?UTF-8?B?dW5pdGllcw==?= Message-Id: <[email protected]> Reply-To: Michael Johnson <[email protected]> To: Lucy Jeffrey <[email protected]> List-Unsubscribe: <mailto:[email protected]?subject=Unsubscribe> From: Michael Johnson <[email protected]> Date: Mon, 3 Jun 2024 10:00:25 +0100 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----sinikael-?=_1-17174083441650.5885637185593819" X-Virtual-Mta: mta119-69 X-Tm-Received-Spf: Pass (domain of [email protected] designates 185.187.119.69 as permitted sender) client-ip=185.187.119.69; [email protected]; helo=mta119-69.msgfocus.com X-Tm-Authentication-Results: spf=pass (sender IP address: 185.187.119.69) smtp.mailfrom=learn.inpd.co.uk; dkim=pass (signatures verified) header.d=inpdtraining.co.uk; dmarc=pass action=none header.from=inpdtraining.co.uk; arc=none X-Tm-As-Ers: 185.187.119.69-127.3.0.1 X-Tm-Addin-Auth: 9smJ5FxNNU6vRM/DSi3W7rDJAMq1S+B8qJg3Bj8ADWExqmFjLpbLk71FL4U 5lCJ8qHt+4GytHFMGuqeHdD+f16AmjAI/h3i/IKXgIEe+5ms1MY0xXa2BmnPFcSyIVQgQ7SPE0L 
B+wU/MK39ua6XmvD0S/MwbVyc8cGegp/2NlHlBIW2Lhe3vLuTXaFeDqI7T8G8y1GEvyYuhQql4b ze6TEWxY6gNm91I2wGnVo3tn4QPB4MAKfwJ1gQ5Tq2SxXdZE2Qulxk20Ig0wIOyo9/elhDutnua lnijFr1F4xUG2fiwQ1Sto/uOcvdAeWJr6r0+.VF4YhKz58Ftt9ung9KDyKx9TgWbJG26vFIYqcM uJchW/AKqXDgTUCJ2SN+JnictGi2pHbW99lFtCgfPTRw5ElREC5MN1GxJgnLmbdR7xgw2LpTZlC JJztocH+t/lXgmf/VcLFACUrfXXzdLppCyGBFVX6UrzgsNHIhmKEDBz4FXdQzSnqdP2YGpfO8f6 iVRLmxaFbui9BvXRZwXnyXCHI7YzFFXslLi+mfAS5/f3/yDKCEPE1ebSOxbi9vjQuFNFogQaAhd 93sQDZpgJikQDH1LFH6Z2ta5Gf/Zp7NLsZgxsnUuLT4pM0Mz4Buhgbn31/khRBEnfPpk86n1aif Vx2g== X-Tm-Addin-Productcode: EMS X-Tmase-Version: StarCloud-1.3-9.1.1023-28428.006 X-Tmase-Result: 10--1.938600-10.000000 X-Tmase-Matchedrid: KxrMY5blxgKufjpOTBCZF22Dih2Q1R3bV/PvpAMTDp/iYwcBlrP2mv9c XGiSGmuVajuQRPPofdIta64Tt5lszEEwlAH/PleeQgXu2iij9RDbsMKgct/1bq/jP2VeKb7Iycg advOu9CAL6av7YvHcfI4eLDiNVLebi+ZjWETZUNTkvnu8L8lC9WNDOyM3/J77i1Tlk8twAew8Bd pLW7IeOSE8raaf46xMgHW1Kci8XUMj7HJJIdCJubeRNnvRZshbfmPWHsKOxhOz2XxgoiEezKcqR tSTzo4kudRBZn0FehKjiIJqRFExTYRZfxYhJ8p2/S0JvmlnE6qgIEP6KkgWmFxXl5Nu9POi/iuo o30dWbnqqpOqdTQ56nT/BSqPsxuGkGEYuVNVxHvSrj92wVy4G8uVXJr//PK2yylUe4wmNq2Val5 /JOrCHrNZcSfsHwzCZsBazu632yJd1huWY9I6IROayaVCA+ghizV4sHT5scp5se18byPgYRCi5g 131N2OnRTJpY7VAKfi1DA1xO4yz47joK0YU3OAuYf5DrEd8qaeQxlxGrnlAz8MbQNN4rWzTXmo1 7xzCoApUPEK9Wmtg/FlUF42rNf+NSli361c1GFCgI+93jh/GKPcsiXgzh7siE1/yxDNfQ4jYswF U+v7QhFMO+gC2WCplZbMcLwevdVlM+BEEqucDkJ5y1ngQ7WRJ8m/hfnWpKA7GdGLTzIxIpIbd+w nhmyUju2XlcEx9HS8vTgOvryN2oZp06uFK1nsJQktxNYzOLPW/vZHcjkKu+8voWA4+4sZK3BCOL bTGQ1bdURHyMSH+LCUU0XjNO3M4qoIi144zw3ooQk7tJHpeCS8kWuwOHSHldYeoo7G9XguMVb+B G18JBEuOqgkm3/1fC4IwOLvyucOL85GDtaEd30pBoEiOUVpUjbHfpX3XbZoOvlKcyW7flY/Hnfp NkxAabQFk1K9WnFkzeNs4Fp1DWLK5A5md0r9ulxMqwyzVlH6CxJ5baM0J7Yj7orx4oOsCdQxfgt Nw8V+O/5a4e9QeO+lU22yYQQKH8FerAT0dJY= X-Tmase-Snap-Result: 1.821001.0001-0-1-1:1,22:0,28:1,33:0,34:0,42:1-0 X-Tmase-Xgencloud: 860f0b52-4231-4382-9ff0-b6f879e57dc0-0-0-200-0 X-Tm-Deliver-Signature: 06124FEC78EA7E1B65DB6355FF8ADC2C Return-Path: [email protected] 
X-Ms-Exchange-Organization-Expirationstarttime: 03 Jun 2024 09:02:53.2865 (UTC) X-Ms-Exchange-Organization-Expirationstarttimereason: OriginalSubmit X-Ms-Exchange-Organization-Expirationinterval: 1:00:00:00.0000000 X-Ms-Exchange-Organization-Expirationintervalreason: OriginalSubmit X-Ms-Exchange-Organization-Network-Message-Id: 14f11937-dffb-4a84-549a-08dc83abf3cf X-Eopattributedmessage: 0 X-Eoptenantattributedmessage: 1e69e311-af1f-4162-b24e-16bb3f962d34:0 X-Ms-Exchange-Organization-Messagedirectionality: Incoming X-Ms-Exchange-Skiplistedinternetsender: ip=[185.187.119.69];domain=mta119-69.msgfocus.com X-Ms-Exchange-Externaloriginalinternetsender: ip=[185.187.119.69];domain=mta119-69.msgfocus.com X-Ms-Publictraffictype: Email X-Ms-Traffictypediagnostic: CH2PEPF00000141:EE_|PH7PR05MB10566:EE_|PH0PR05MB8366:EE_ X-Ms-Exchange-Organization-Authsource: CH2PEPF00000141.namprd02.prod.outlook.com X-Ms-Exchange-Organization-Authas: Anonymous X-Ms-Office365-Filtering-Correlation-Id: 14f11937-dffb-4a84-549a-08dc83abf3cf X-Ms-Exchange-Organization-Scl: 1 X-Microsoft-Antispam: BCL:5;ARA:13230031|69100299006|82310400017|5073199003; X-Forefront-Antispam-Report: CIP:18.185.115.107;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mta119-69.msgfocus.com;PTR:mta119-69.msgfocus.com;CAT:NONE;SFS:(13230031)(69100299006)(82310400017)(5073199003);DIR:INB; X-Ms-Exchange-Crosstenant-Originalarrivaltime: 03 Jun 2024 09:02:53.0208 (UTC) X-Ms-Exchange-Crosstenant-Network-Message-Id: 14f11937-dffb-4a84-549a-08dc83abf3cf X-Ms-Exchange-Crosstenant-Id: 1e69e311-af1f-4162-b24e-16bb3f962d34 X-Ms-Exchange-Crosstenant-Authsource: CH2PEPF00000141.namprd02.prod.outlook.com X-Ms-Exchange-Crosstenant-Authas: Anonymous X-Ms-Exchange-Crosstenant-Fromentityheader: Internet X-Ms-Exchange-Transport-Crosstenantheadersstamped: PH7PR05MB10566 X-Ms-Exchange-Transport-Endtoendlatency: 00:00:02.6689005 X-Ms-Exchange-Processed-By-Bccfoldering: 15.20.7656.004 X-Microsoft-Antispam-Mailbox-Delivery: 
ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003); X-Microsoft-Antispam-Message-Info: mmEfZt4goNiItmlewt8gtqoIVfYYHnOAaE47gHP0FMLe/8Qub61GYGpkihUUgiWYodxWg2K3DiTmH0P6vrM+imXDaoOlx3BuH1Z2pR1OapAs5Y8p7JrEum90GjmVhpMNnF9X4l6nuEAOm9g+EGWjAAU3foSVtUsYjOdHZy4zwvr/t/zBDaRE69pccSWVsLGn8RfuRgvBWxeFbwEljrLX6gr7pCmRHYg5iSKx0nPvNxLING0orsQiooK5kKt4wDe5FFk4jv5JJwBiQNvl2Q+qP46mUz/cf0xF9OumNFNH2i4sUq9cHVgjIPRMG2JNWeaKTGI//RFrbgefVevcF3HFhpqWZAr42S6vQtXmZIUN+Xxde89Dv0Opp0q5NbaIcJYCiAlxi5T3i9TowXsLDUyOWKmPAMrpoI5iqh0pgR0e0/BB0Ch+xiBV6FgBgbu9nNZBH/tmRxccXy9/AIlpITaKQKIGmAmUEuFfWFujDY/8M/iaBnVwuBQNn6nu2ZN7w5shOVGM8vxsqDBhIhXith5adHEWzXK6JmVVOf80UQ6SrLJRMLgemzWU9Mbwy4oGNS81PP5nwYcgqKIYi02YqGnFhoktGq+ZkySpPE6vGZxu2bD+7wLfx9Vt1jfkg0Q3Ne/ja1tJouOpTOZdSEU0c+7qciV8KZ3wIANnwo20JxeCK6r6tSjoHKg6di49mmPHSafg6gw3EG0OVnyd0c9Wfo7cByDqa14+U7CxbTo3OwmUN4EoofR8wYwFsONqgqiDNVZm1WFQjELID8Eyyvk3eBegF4UMuGt1552B0NIcYzjv0X9g2bxB0Vybo3WKKybdPJMBsF7/R4keo/TqwhW+k06GrJEES5JMwjDntLlFAHfbrSaU+t0519rSMXfEg+I99GonbGUMWiw0/SAN6xEqUF8lkAYoFaBDH4ike+mPdNWY2zy4i8oljlUs+N1gK3JyK+jtbcT/29QwcF+IjOipfmSikzubpLzaJA5uGgq0u60frK/cQRKLCq1gDdAIYDuX/kA/VwYPYKikt+FZ+WREsLfI9rI6jLaVtkdgU2e/VlkC9sYw7WgdOYC/jzZ1Og5wJCLzZ+xqifrTruPoch9hrFCKSkkq7wfDklQ0kVquRdtSe6TS2kyRw5uS7yNGjEZ86UJ4smF6esvjbSqKmuYdcE8WOUFDcU8IFUzHCIyFMCDM3lh22qKV6A4ptCYBL0C5HgwgxLDjxe0xMLfATHIID8NyEQzOA+owI3EGc79mII+Dqd18ikd9+wCK7+axvWIc/E9zAApQ9J40lnR5XhyhqrbDKuE0HRHxzUAcuV9WQNDS1xJrdepJ+lYeCuZRdBGgyRC21hc8qp866h9pO7T8OTpQ9Dsyz6dhqv05tPYjrdqF5hcPlLhJvg3vy6V9M299ZA9AKhTjE8uGiClMZ5hEH1LqcGMe37YMZTDWeSlHNd6W3ww7sPAABLWGOvxY2A9nmam01XOO5IH1W20eXx9EGA3NpBxgOjEMrNN/GSqiOIvM9pWtVSvVtlREh/60rc7zfpcmmT0L1/ax6HmbJNHQqsD39/Y/VEREzEnKnsnUuATMyRaSB7aHGYIypqDaz2bJD4y1PlfMn9q1zzaB6TbYyZLaeWo/DX2OZwNm9FvlYasMPDJFVzHaEXakQH+y9OSrb+iYeKO7r5G5Ml/FTImhDHrf2rtPKgSk2O3b5tS49hHsl1B4uzCJjNZ61FiAgbCvlCU1Ov1xKjqUgjcOD6qWkW6BqaL9r51UqHdmNNwS75pi19BLNLr9tPCd2sGr9OUMVkxngDWZ4+QHQ/YGfb2ib1JdpAEmUWgoOCvPRclaC4Nw1WCRG6gwKki5JQX5QorBOS1vMsFKcw2zJXebcdeV08bJFxN
G0TwWtRVPLybWRT/HKSZBffte1pBs8Lpa7ppRWVC2oT6Z+LIxaUvR0kZ+Zc8yQ89PGf+pdL+sBsBuOl0OJyb41b3cbFcGou/sm0Wqr/piEgNclRQTBkE0QjDJuZTujrAvybzVwbi8qtDP1PO1lJq5nVu0psyrf7RQ9sksqJs3004a6IyZhmF/jj691h1oH6XAGfj/NQLxWLhtP9w5m/w8kfNxLD8maIOGQYH4a17Zp+wQclrMRBPT/XX0W3II/mdPVq9rKh/NQmGtziR4egqSYJ4oo5mS4TkM54xvRFZDC1y5obeMR8Bp6HAYLNWe9Q== Content-Transfer-Encoding: 7bit
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file (the submitted target, i.e. the pasted e-mail header block listed under Target above) was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:01

Reported

2024-06-03 13:04

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

138s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://[submitted target: the pasted e-mail header block listed under Target above]

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618933082164784" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3628 wrote to memory of 4536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3628 wrote to memory of 1488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3628 wrote to memory of 2164 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3628 wrote to memory of 3752 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Received: from PH7PR05MB10566.namprd05.prod.outlook.com (2603:10b6:510:302::5) by PH0PR05MB8366.namprd05.prod.outlook.com with HTTPS; Mon, 3 Jun 2024 09:02:55 +0000 Received: from DM6PR04CA0022.namprd04.prod.outlook.com (2603:10b6:5:334::27) by PH7PR05MB10566.namprd05.prod.outlook.com (2603:10b6:510:302::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7656.8; Mon, 3 Jun 2024 09:02:54 +0000 Received: from CH2PEPF00000141.namprd02.prod.outlook.com (2603:10b6:5:334:cafe::ed) by DM6PR04CA0022.outlook.office365.com (2603:10b6:5:334::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7633.28 via Frontend Transport; Mon, 3 Jun 2024 09:02:53 +0000 Received: from inpost.tmes.trendmicro.eu (18.185.115.107) by CH2PEPF00000141.mail.protection.outlook.com (10.167.244.74) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7633.15 via Frontend Transport; Mon, 3 Jun 2024 09:02:53 +0000 Received: from 185.187.119.69_.trendmicro.com (unknown [172.21.192.213]) by inpost.tmes.trendmicro.eu (Postfix) with SMTP id 0942910023594 for <[email protected]>; Mon, 3 Jun 2024 09:02:52 +0000 (UTC) Received: from mta119-69.msgfocus.com (unknown [185.187.119.69]) by inpre01.tmes.trendmicro.eu (Trend Micro Email Security) with ESMTPS id 97B9A10001470 for <[email protected]>; Mon, 3 Jun 2024 09:00:25 +0000 (UTC) Authentication-Results: spf=pass (sender IP is 185.187.119.69) smtp.mailfrom=learn.inpd.co.uk; dkim=pass (signature was verified) header.d=msgfocus.com;dkim=pass (signature was verified) header.d=inpdtraining.co.uk;dmarc=pass action=none header.from=inpdtraining.co.uk;compauth=pass reason=100 Received-Spf: Pass (protection.outlook.com: domain of 

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2928ab58,0x7ffa2928ab68,0x7ffa2928ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 --field-trial-handle=1888,i,10631502203592744204,12133198882428760770,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp

Files

\??\pipe\crashpad_3628_DLSYNBFGZHWINKFL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c20cbdc3f493e4308e47802420f297b9
SHA1 0ddc5fb25849f64b6c80cfe4817610ed0d5e0d41
SHA256 2996fbaa5da97c50df457798af813666e9da00ba25de1fbd22155cd97dea7bd7
SHA512 c7dd741a29b7b5184fb2785c8943df4410f40fe9784361f500a8fed19270d21e0e8a2d8d13b59463e3393718e62bc490a9dc2184948d0b2eb88494894c562dc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2796795ccaa70eed2f168b4b5a1522c
SHA1 6cf42dfa5445dcc5bbf413e6004cadfa4f690fd4
SHA256 4d5e2f0cf9672a6caa5d3d0a20147ef71eaee763dcd011bebdd3e8ee7102bd60
SHA512 38bc2d16ea796eced058f9be4ea74c62b28888beaf0859eda1abeb87a239fbabe31e7a48880e86fedb37c6b592c5380aba05409a92e950a86cf1b029cdb9d2be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd24bcfb64f18709529d8a6be9315632
SHA1 8d7b1c1d1318c698fddfa5c0cb5d8e565c6b315d
SHA256 d7420480200302978e26fbbe833bc29e82164966028c0210eb12a4448281f114
SHA512 1d58eb49364d50ee220855c974a9450e7a4e2a992c30980a748cf4c4036e3c4db71a55a85edbc4eca171a54ff2d80f1ff17b91a82c0db1af8b7bc1e23d95e6f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2ab86d7a4f210bac8d10f1c452e4159b
SHA1 4a2e6eefcf0f4942442b105d623f9e8157b4c38d
SHA256 5af8b50cb3b2d0ed152561559c16eecf2cfe3774df990e293e42990b21920437
SHA512 0a4544ce7df23e23873b1061c25bb891cba56c11bc273dd87dd24bb0052b0879139e7637ad49d73ba5f878f3a24270dabf74ee3d6246be4a110e667e1aae3e96