Malware Analysis Report

2025-01-19 04:32

Sample ID 240814-a5yalashpd
Target https://havilaremodelling.com/policy
Tags
microsoft discovery phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://havilaremodelling.com/policy was found to be: Likely benign.

Malicious Activity Summary

microsoft discovery phishing

Drops file in System32 directory

Detected potential entity reuse from brand microsoft.

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-14 00:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-14 00:48

Reported

2024-08-14 00:51

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

145s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://havilaremodelling.com/policy

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680701313072099" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1344 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 2208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 508 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 4920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 4920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1344 wrote to memory of 3364 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://havilaremodelling.com/policy

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6c7ccc40,0x7ffc6c7ccc4c,0x7ffc6c7ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1876,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1736,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4488,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3216,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5084,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4628,i,15865142181777502918,1073294774772688292,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=728 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 havilaremodelling.com udp
US 192.185.212.185:443 havilaremodelling.com tcp
US 192.185.212.185:443 havilaremodelling.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 185.212.185.192.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 robabeclosing1955-2.cfd udp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 r10.i.lencr.org udp
GB 2.16.167.123:80 r10.i.lencr.org tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd udp
US 8.8.8.8:53 140.26.41.89.in-addr.arpa udp
US 8.8.8.8:53 123.167.16.2.in-addr.arpa udp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 res.public.onecdn.static.microsoft udp
US 152.199.21.175:443 res.public.onecdn.static.microsoft tcp
US 152.199.21.175:443 res.public.onecdn.static.microsoft tcp
US 152.199.21.175:443 res.public.onecdn.static.microsoft tcp
US 152.199.21.175:443 res.public.onecdn.static.microsoft tcp
US 152.199.21.175:443 res.public.onecdn.static.microsoft tcp
US 152.199.21.175:443 res.public.onecdn.static.microsoft tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 csp.microsoft.com udp
US 13.107.246.64:443 csp.microsoft.com tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 152.199.21.175:443 res.public.onecdn.static.microsoft udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 152.199.21.175:443 res.public.onecdn.static.microsoft udp
US 8.8.8.8:53 eu-office.events.data.microsoft.com udp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
FR 51.11.192.50:443 eu-office.events.data.microsoft.com tcp
US 8.8.8.8:53 50.192.11.51.in-addr.arpa udp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 outlook.office365.com udp
GB 40.100.174.18:443 outlook.office365.com tcp
US 8.8.8.8:53 r4.res.office365.com udp
GB 2.16.167.131:443 r4.res.office365.com tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.75.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 18.174.100.40.in-addr.arpa udp
US 8.8.8.8:53 131.167.16.2.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 89.41.26.140:443 robabeclosing1955-2.cfd tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
NL 52.178.17.2:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

\??\pipe\crashpad_1344_VEVBJNDCOCNNRFRZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b58193511492a7c09c0a88038fb784b9
SHA1 c087f5a644573f2d27dce7cc5c6095ec5652c334
SHA256 cfe8ba2ad7ec4bdefed3e33cc33bce40e55e9a313ffb264edfcfd4c26acf8136
SHA512 82a2dab5e6d71db089d70149c6b48aff8e928c3cdcd68a9958a377890d2585625ecdebfe3d13c073e936363d7a081acf0cd6e5dc4cd2cd7020edd818ab47b74d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2177b5d66f83ac87851c8ede65f5eb03
SHA1 29624bb56ba87e150c765fe55e817f78c9fcf16b
SHA256 316bb71769127dc7ed910ce20ddcababff658745f7cbd85426b8b675eefc4aa3
SHA512 d2bcbc09d720d5e7f66a45ca072e3ac377b7625c09a01224bbf841ec8b994247c34171a421a09c81f518ee71610f05a408e3e5147c2d3a8fea8723bc2c2ef1ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ce77d151f35f3ea4697b2b0eec1eb6d
SHA1 4b3e99308a8c7e8c3e209da6d9d34e01659724d7
SHA256 780aacb1164ba15f31213ee20c427d00f31226cb84bceaec875d20864ea8f747
SHA512 eb3c30dcfc96b61c82bcd97f9701a84bfc1a5054248e9c1bd6868e2ff4805f5c0f5d81377c4aed3ffacddadc4d95358cef7e79f6244d783527de9a4272979501

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 43d2d35ef4741c55b61242534263e843
SHA1 bf20f040f5168ec30b66421e210554dce55ea4f8
SHA256 3a3308123bfa53cfe6f7f3807f38aefb06f7ca46fbea899d185df31e96f475ef
SHA512 c3925b5aff9429e5ce2120576a4f0630c434bb91d45043f8f7ad217e8817a6394d19873a075ffaa964069d2da2b970f56c36def80cfddd95bd0a3943959245f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3796ff065724f74e5e8d5b2c0796f5f
SHA1 0211a9c9d72d30aaa454ffd184d079f6cb824cc1
SHA256 465de1365eaffa02d29a16d428b8793df3cb6a055ab022c97effa6a5ce9d851e
SHA512 6edec757dedf42d75b0951665bff5d63fe03be8d4866611228b051a36b335c2ec675a9bf86fbd71c0eb8127af807923be69fe37be79a195d986a00b28dd2c4b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3804f58a973427ce374ba5a89429c5a7
SHA1 22f0c1c68d17741a8612b0602f581a3d61a30745
SHA256 31b01a6979480ca362ab7854fbd93615d5a5d4913d36232bb57ff26149ef2498
SHA512 7d434117228bde9d590f31c3dfbb37b9e1085aa0852f270dcb27dc71d5ec1e44e3693e43a17cdccf763f64833dec7e3056c15080e740088f26c05c89808e92cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8088b3be95ea654bb722194550d0196d
SHA1 a40f957035c98d36d842054a086f731829f793eb
SHA256 80c5633b68a4cf874f5f6e011b9601e2426eb3d02b4a4fe21bc6a0ef666c92df
SHA512 897917fc62d8c78062fbf6bc2bb29190abedeac08745dcef79b9e3508c536e6977cd5c1c75eb7d539ec8e9aa8a36911f5983dd55aef5fd80dfab8ea46880460b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 58272206169bfa616097fc4b49754f76
SHA1 f51e857569c6238d4b2a75dec9ab85b8e0deae07
SHA256 3900e603915ac62bf0537758f4702f37080b8310091807b315f2095cefe34d58
SHA512 a8335528f29edf8282ed1e1bfd11c0e1de8820758dc3c19bcb81b2d1e63f755ce25f200924d73716b5184df20aab0006be880fba7d5041ae7bdf7322ff3cd6e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8c13680e8070aa3e3a75f201f305dce
SHA1 e56c1effef7910bb35a81b518a40aa1ff1a1d2cf
SHA256 330447553e69a0297bd3780d835d66cc5e6035a003600e5bdc996db76053471e
SHA512 f10ff5b9c5634f8736b6954daacbd4f590abb5ab4dccd321865048ff3f295c8419e5a4af23e5e60283fff7d54a4ca2b974c62274191cb79a95e1168d59b6c3b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74322d6bcf58c07eff1d1f3232cb00db
SHA1 1ebfdca1d79f858cc3649c06b3c6fb116c7e4729
SHA256 ab0bcc394b7321ea7abc53aff0f96d3a6df76759c72ca4a7932bbd6a2644ecf9
SHA512 b4c496817cf5c939c3cfc2b27848059869bf61e4bdd5c994c78361839495e8effc08c093ca2cc48edd8c647023e657c719ea304d96a7c1fe76dcf0279baef93c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5ddc05a0dc02e9235ea2a6173f4eebee
SHA1 02779e50b6842ca6508ee4c16db89c0a8c7dbe3b
SHA256 664fcd526da62b8f3c34ddc7e06b45b8db74f47c5a1f6ea2b81ae8ddb39247f1
SHA512 f9516ddea4528c7c13fd895fbce45a8e6a224fdfdb38c8ee04b2f4c7919c5c6d03e0d41fbf09cfc296e59256c688e8c2775cab952fa130791ddc03716c360433

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4fe7c47b-78b8-462d-b5b7-190c5ed2c309.tmp

MD5 6aa3a1ba83543837476a85a74d12e475
SHA1 8d440e2ec9f8c2aea4e9381f36cdcd3227db4d27
SHA256 81e2af62c8472f6fbcabf6595aabec5f10b914151def0f6fc2974a3c92944c04
SHA512 56daa5799ed72258934ff24bce21bc7fefbe97ed1e8fc5404025878eeaeb46f67d613a35f0c78bd21e6c20d49f8c029f99d2e70a59695b97714cd8b6ea944ea1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ad650f1b7df867bc7ef3fa1bd4ea86c
SHA1 0d05f03541b53fa1df67215b702bd71888462fa8
SHA256 23c3738791014367713176628541eb8abed1ae8569bfeaceeee6f61c7a2fbf09
SHA512 2ac196bca98798de26105f0622d3cc0c7a2713092547e5158530775cbee05c92c30eb15d20987a53bf2bb7aed37229a913a912147409ee0160d67bf4810fca99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7629d83741c78e835c3a0363a6761aa5
SHA1 31311e9b48a9958bb5b5c3627f7b17d193d47af6
SHA256 63594b8a15e2188f40f686ff816a93ccf6ab80685cf6eeec5ca58b06ba560d57
SHA512 d2fd77901ad043c72aaafc08d182f0f7b7fa845d636e92978db33883f9e88fb96702994362944efa1cf6a47dbfaa6d38b0057f1688e7e6e1593b02608dbe1475

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff5caba1acce4386cff3895dd7ddd260
SHA1 87f63aa95bb541f531a99c86593a024418514680
SHA256 653ef871a4e1c65a2aeb53677df2fa2bacf4fbfe64c4d8c9e3e68a8516ff1d9b
SHA512 753f88b4cf2e6f4adf51c5bb3534c506ff0b711428dc1dab84840af18d21bde2502aa33ac9a6223144d8f7f5020039b60d634cab4aacf6802f80585b0bb2e76d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a7f249706c6507ed14671bb025c53255
SHA1 6b278657d98a75063a64efc68676b3b2c6980f72
SHA256 f641b5cf307dc2158a0228192149fbb5baf75abd2337f05add438943adb8e8e2
SHA512 28d5039f7494bd96e33a6c07f5c27de78ed746bdab4565d45ed5df6ac41763da1fa7a2ec150d25d49c862e287940d09011112e6ee0c86a5b02c26e6d7304d448