Analysis Overview
Threat Level: Known bad
The file https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Drops file in Windows directory
Browser Information Discovery
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-18 17:13
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-18 17:13
Reported
2024-12-18 17:15
Platform
win10ltsc2021-20241211-en
Max time kernel
130s
Max time network
125s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790156217396091" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffa0ef1cc40,0x7ffa0ef1cc4c,0x7ffa0ef1cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1312,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2304 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4336,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5084 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4576,i,6018790004633591475,10480772842384077201,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4484 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | esplees.za.com | udp |
| GB | 103.83.194.50:443 | esplees.za.com | tcp |
| US | 8.8.8.8:53 | stormy-marvelous-horse.glitch.me | udp |
| US | 3.231.248.220:443 | stormy-marvelous-horse.glitch.me | tcp |
| US | 3.231.248.220:443 | stormy-marvelous-horse.glitch.me | tcp |
| US | 8.8.8.8:53 | 50.194.83.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.248.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | ril.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.202:443 | content-autofill.googleapis.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | t0.gstatic.com | udp |
| FR | 142.250.179.100:443 | t0.gstatic.com | tcp |
| IN | 49.40.54.28:443 | ril.com | tcp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.179.250.142.in-addr.arpa | udp |
| IN | 49.40.54.28:443 | ril.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stormy-marvelous-horse.glitch.me | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.fastmail.com | udp |
| DE | 172.217.16.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 172.66.47.91:443 | www.fastmail.com | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.47.66.172.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2532_MFBJEXHSJZQJZAHM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | cf11aa0f98e28d7eb664dc836ca61a88 |
| SHA1 | c263524ea8c212ccd2ccf5cf20626efb8be42d90 |
| SHA256 | f7235c2c82b08eda0997a21dfad8d0d6c4968b7b892e5dc2e07778edd661e42e |
| SHA512 | c3f72bf5afb79c2f298f1573cbd1d19298bbe141aa408544b70c65f71cd906a861c565c5ee8e55e18f2fb53dff4cb51497ab21719030f331af35a7a286844e96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7d8b76351d9cf972d4dd892ec04f3326 |
| SHA1 | 71dc41c815e6ffcee02557c66c18f3b6f6f17aa1 |
| SHA256 | 4383c08912e1530ad1ee521b842fcc6db10692c8e56f2ed727eccacc104e4966 |
| SHA512 | 2129be1964c0f327b5d00a78f7ec58effed6e05bfc325ea2625f0634fbfcde6046020735acdb6e56bbd5797949d4e21120514aac8b40b8024c507b3d426c19be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f1a4893746ee9bc67b92af4250d69b3b |
| SHA1 | 63b053476432f056de67a4142c204c321de8f276 |
| SHA256 | 60cec6818a216baf01b1086f3f5aa6f101f2970a0148fd26d967608d1a316806 |
| SHA512 | b6f4c64d74b6a29f6dc938840069e137c4bc20d62d13021e5fedff706714c001c758e972222e384de4babb688269e765bda3737524c155205c47cf2d80d2a581 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 45a8cf4364a8b90d262f0708e242d77a |
| SHA1 | e85e28a8a8b457552a00dcc72e9dd9a581f106ba |
| SHA256 | 1c8e02cb25bde71243f799e73d160413e1a59bec8be91e05a96a75d5dec94220 |
| SHA512 | db0fb0a841669f3d53448e7a488af7fb400e4871f423a20d3b1f2db27dfeffc3c351750ac599e33d60c64e94502548e2edff4b8a85c6b31c8af68909fe675d96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8fe065ddb7c50fcc193f10b5f45cbfd6 |
| SHA1 | dd8bc2ee43540a4a2893468bb9c162ccc4e08dd3 |
| SHA256 | efac3c3ec68d43fede295e632cc98988521b998babc236eaf849550ebd75148c |
| SHA512 | 333822c573d03f400498f9ecba78e0293b56d4844ae3b0dd110eed572e91c2433e2687e351e7e1172e7fed517402fb33e57d2a9dc2952a5458e0c27d215588a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ccee447d1f842f5d6248d3a634c65a05 |
| SHA1 | 66116030a038ceefe0ea57a1bf522013331ec126 |
| SHA256 | a4168b2bc4c7391e31db6d4a71212d6d356a9385a8165e7da3d9aee61eb999b6 |
| SHA512 | 1db64de224ae69e4f4af493f850b5b050ab79964077664845e776660bbc1ec69961b751452777a16b7fcf4586f1c669b123d66d2434d3f668f57ea63c6d07034 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2dff50fe4615ef1cfb3360db2780c364 |
| SHA1 | 74d5f7baa042f3f9215357b6118053c434a93a57 |
| SHA256 | 907d02330a1dfa56be11683d48c6f90e1ba3ea5d68d4fd23016da4fd706bde7f |
| SHA512 | 57bdcbd1366eb5df037f89383730de25702b7499d1c18628fb35c8bbc7036ee1f0af30f53a2867112f1318451436c4bfa21cb2fbaf74e8108ec1de41a738bd5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e732d6abecdcbe90b0ccb6566c772d45 |
| SHA1 | f54f954b2a46242b077c1e44a6c537562e4e02b4 |
| SHA256 | 7859b77ec66dc5fab0273a87b1634061a439ad18db0e585a6c02b55dc744c33f |
| SHA512 | 12e6d81e64db51991fbacf5153693ef183734f1bb6d33d02b3e83a157b9717047afd640c18d78fe8058160ae221419e019feabda0af2bbff4252efb5fb0e6dc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1e9ce62e4773eda8ce04cf77fc2bf172 |
| SHA1 | c50f6d7db82dc394732649bfb2b22bb9638b2e8d |
| SHA256 | cc4eeedb1bc193ac7ae43edbf5c0f3d6851de3047500e91b7c2bc702dc38d279 |
| SHA512 | 6a6e1348253b2746e330eefecccd9b23915b9b95a26eb54dde64c6ad742d305d2cdd8fdf49989dfaeace47fb2c8b633b5d3d3147946fa497c9e0f476362cd3d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97335b3589d8dc4eca4bde8a119283fb |
| SHA1 | c59957dab6b412823b957c3f5334a807eea81d9b |
| SHA256 | 6fdf6d9da8307bec8cbc041d70eb8d4717c826e6c6817aa3d54837d9d0bfdda1 |
| SHA512 | 6b386a9a60cffa4a3c985134e265e19d8750137bbfefb822b112f92f7e381ed3bda282c523f196d933ab56b2fe7d09f245e44de7fad3a9297de4b171139d4996 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5d99442d4d3ced3257f6ccaeb6429fb6 |
| SHA1 | 5b31c2705e2b0187f028b80faa01ff3406801bc2 |
| SHA256 | a843541bc4bc1d35b066d42790ee83f5e42b92532b30185880ac3151d5195f94 |
| SHA512 | 9c72aafc4c2520679eda5fe77445cc7bc527419cc015b61b532c35ad1fc6bb772e7ba9e0e2666c823f0e47f864b0d5b0774b9dad3d9c9768d5f2cd63020b5c27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d1bb4013009fb6e57db3fb7e7333f95d |
| SHA1 | 7ce3c1a262755d5d17cb34247a9270662d9e93b3 |
| SHA256 | ac872b4fe0937ed3a99649fbc40c72839430512bd0b989e9bf8e76f014a636f8 |
| SHA512 | e683ae43b52f1e16f0aa32bf226bb843aea750ca6f8d657ccfd8e55595b2bc7ce06a1c6dfd0902494dfea8b591bef024812b2977a32a138d683f3ae440ab09cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 124ecca95fe83030ea6dc8839300641f |
| SHA1 | 63f7d81f3bc63237c18001aa30b10c9147052ea7 |
| SHA256 | 24524347d8ec72bfa56746a21a36df97cdd238094746c4905f326ce4a0b7bb38 |
| SHA512 | b949e0066920c717ed375532c19f799c4f7148a4d50d18f2351d7af8a0b47994ba5b285a635828a686fc45f600ca0655001f22a04b7373f3e10d571b9f545df1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | df4e4ef1a81b6d990cc217e0de378944 |
| SHA1 | 3c5669362b198555e0b4bb455d19aec186aca467 |
| SHA256 | c03c7fe51d80e742534848569b75a17589fc857e44fc2ccae8d61f7c6f1143bd |
| SHA512 | 5aeb6d621cf804628f3f028c305f47dbc410bd9f963879b7201fe66d2c82485e0122ec117373b25487698247ea31fbe35ddd45bd76fbfa5a5b3075ca3de16a12 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-18 17:13
Reported
2024-12-18 17:18
Platform
win7-20241010-en
Max time kernel
95s
Max time network
286s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://esplees.za.com/png/index.html#dmlzaG51LmFuZ2FyYWtoZUByaWwuY29t
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7e79758,0x7fef7e79768,0x7fef7e79778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2472 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 --field-trial-handle=1376,i,3207564780201206366,15649769014566422520,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | esplees.za.com | udp |
| GB | 103.83.194.50:443 | esplees.za.com | tcp |
| GB | 103.83.194.50:443 | esplees.za.com | tcp |
| GB | 103.83.194.50:443 | esplees.za.com | tcp |
| US | 8.8.8.8:53 | stormy-marvelous-horse.glitch.me | udp |
| US | 3.234.23.2:443 | stormy-marvelous-horse.glitch.me | tcp |
| US | 3.234.23.2:443 | stormy-marvelous-horse.glitch.me | tcp |
| US | 3.234.23.2:443 | stormy-marvelous-horse.glitch.me | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.59:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | ril.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 142.250.179.106:443 | content-autofill.googleapis.com | tcp |
| IN | 49.40.54.28:443 | ril.com | tcp |
| US | 8.8.8.8:53 | t0.gstatic.com | udp |
| FR | 142.250.179.100:443 | t0.gstatic.com | tcp |
| IN | 49.40.54.28:443 | ril.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
\??\pipe\crashpad_1656_EKRHNZBZWVIJOMGM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Temp\Cab732F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7370.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a967f5cc44d168e59ac9948ab70944b |
| SHA1 | fb01057f065d22851a654cf11b6fbc3379818831 |
| SHA256 | a8b4896bc2d0f3aa8ed0a561febd7ee8ab0a3d2cbc866fa41bd73c3713caa159 |
| SHA512 | 43ca7ee4798f50008ab4ccf0aaea08a22a4888509c1e7ba4f526e153a0437b0b0bfc010af36833aa46eaf34e5ee946229373c50b7914270b5637ab787862c4b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01f62040841e4467aa1f806a60c7dedd |
| SHA1 | f5b8324ded112ce475e8438f6222a6a37d5dc91c |
| SHA256 | d40a2dc000b156996a2b1516b5ecb9853d785664413eb98dc5a381d90510a6a2 |
| SHA512 | 91b00316b0e8dde1a4a486d57925a5082f6942465cf648517db23de2b6ed08e23870b415f01e752714e65e1e44ba0af374d27ef6a82911c2befeab26d92aed56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\59042173-c5f0-48ef-8db9-658d4f03793a.tmp
| MD5 | 1735e6bdfc4f6d2d6b694c68ac82fa3e |
| SHA1 | 7d348e96e9931d0650de25997fb1f6dead2b7bc9 |
| SHA256 | 431e8dc64bae7c1fb50343d8dccf49505a603d126735c73069df62bfc84a0a24 |
| SHA512 | d88f9af00f44ae00a512c6ed92008127bb5a22c1aeaaec208c81ba76112c03d36abbc728511ba1daa99388172340b704d4f8f3206f406558ab6889ca84d3f019 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 775121f294a514e9bb2eabd6602179ab |
| SHA1 | 0f8ba90eb0045d750187fc3d4b3272b769aa56bf |
| SHA256 | 5d137ffb0813ccb9b3242b80ec4b3cfc74ee5957dd50a2511345ceb969970aa7 |
| SHA512 | ac28963a3598fb754d1fc1dadaed18d4d89daee3365fb8a9e6b64bb85d9bae0909f9b21629cb3a7f58baa7c6943774b8d0d145110afca7046bb5823237d6d1f3 |