hxxps://moneyz[.]fun/QRNhDm

Resubmissions

01-07-2024 15:54

240701-tb7fysyamb 10

01-07-2024 10:45

240701-mtdg9szgjj 1

30-06-2024 19:36

240630-ybkpeawhmp 10

Analysis

max time kernel
274s
max time network
280s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://moneyz.fun/QRNhDm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643043311416070"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1652 chrome.exe
1652 chrome.exe
3068 chrome.exe
3068 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1652 wrote to memory of 1208	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 1208	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 4364	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 3724	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 3724	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe
PID 1652 wrote to memory of 5000	1652	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://moneyz.fun/QRNhDm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea4379758,0x7ffea4379768,0x7ffea4379778
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:2
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:8
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:8
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:8
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2768 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3724 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5280 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4972 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5628 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5664 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5700 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5768 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6040 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3240 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4620 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5736 --field-trial-handle=1884,i,3083295194400679519,11430960336052620923,131072 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:4360

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
55KB

MD5
97ad0b8634b6564f71b76098b702611b

SHA1
c29ea74a4564b5a73ec0001973c81a61851a1c68

SHA256
c9c750c011d73fcc086d165c9f1020de2bb4e8f0c02cc0b84e40c77ec3f22f3f

SHA512
164a1c30730e4a32ce9f3047e4e662cf09ed7d3e737841df4118f1d07128df7e6fabccb61ff3694d8deda34c8cbb0ad1d5da07ef1a0949c47c807cbd2b41c1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
69KB

MD5
57e2cfe5a7b6cafb1faa00ce5fb0a413

SHA1
4122b483d564db05d7ca696ad6270ed19ac03f04

SHA256
ca704d0e776064802327ff7aca267a1eac54f8cc2c01115af5db5c5943cdf8f7

SHA512
031490b45e93830583e6af3634aaeeb01341c6e588cfb0b535a0c566bc58139e41dcddd718ac7ec6c89757dd8fd10c447a569f378f4d8d09f297f0006b48ebbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
288B

MD5
82b53809d879161ed4b95b1104682fa0

SHA1
8e7bc4f3870778e2402678e0a6190f802ba633cc

SHA256
d0817982a9593c0d94d2a67e656c6337f81a02cdda094f9b13a03a72c355d680

SHA512
cd4c79676e784c55abc10b4e2efab29ba2965bb74b6b29e02d121da302afc1c9ccf12b03820eb757985b291db3d7dde992236a661aa388bc7f2c9f21383f50ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
0b7025da355ce20ac5469af5d59332d4

SHA1
7ea6e4e8c115f0b53a335ef6ae58afdb96bef8b3

SHA256
8709d351a84913462481bd8b133c787c5b72aa970dcb7ecc0b5a20ba9c623465

SHA512
2c0fe8bdc8f0dd1763e28115599492fb71034ee23ca7960ded0563dbd42c500a5198b4dd3300014187e818dfe7ccf2ba8f4004c2f7727935a862167050b9f7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
e1e48236ca2d6ed214840b6c2f56e4d1

SHA1
3241e7df3df4a598a23e9d2ec438eb9163fa9b2f

SHA256
0b5a4890558d4c8d48937d59387f548c7bfbd0031040d71152ccc69d7c6e1e69

SHA512
5f97d0d64d9c8a47b351893549d3fd9522e98af1887e34cc0b63d5968f514772d60e0e4831ad27b4721729dfb3450913ab4bebbcb15357b3b1fdd612c3c96cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
c6424e031ecd071cfd6388b93dd636d4

SHA1
60be09b85c41e8c67582345338b601ac97be26ce

SHA256
ea038d7aff6d39ba5da736c17ea237dd4a66081851c4a56018719cb5ea8bf5a7

SHA512
604fce6235cc2609fb74388c3f467e1e36960727a67a58f2b3c9db02268bb11873d6dc83acd991fb5f5443c8e45cabf34158b777871d695af468e64de25227b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
18a9f2ad077b8d8ab7ff392cd7e1011d

SHA1
f1eb71d3e3e2b82af82f0163df0941a68593d29b

SHA256
2b5cdb0ac222281753bc4a09b784d9d2291ceb31aa230a20ad5d9f3f7e2ca132

SHA512
a2bcf67a84e1998d9c3593bd284b0dbc3c8d50a6494aa1db301de2d0aefee95cd11392bbfc54210a23dfd74b9194e1716d45b5d96eab77d419615e311b5e2a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
874c0d97bf0c4c5142ac2b92045309ad

SHA1
baad071c166334cd83011ebbf79839994b1b5b11

SHA256
4b984baed9dd6d337e808b82830eb011937ff197820094e3b699f54ea0b16b55

SHA512
e023845ca5b0b0322216b1e636726e3c5acc199bc57a2a4a7251958683182893146d82dad97b3726bf0ba8bca32333328eb55fc1d09713fb00801cdb9bf671cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
dbca701dffe46d57c05e23c29a8ca3d4

SHA1
fa1843683e4e79b9abc5d62bc9190520518c1e7a

SHA256
983b050c9ff2d891cfdc0ed995f2b5f7cf5f48630419d1d4ab389118f28837c7

SHA512
ccad684fa919c3bcf5268b0ceddfc0e676d489b5a9c982722cf7406b7723fe1b9755f97215d3a893743bf3d3f3125a83f7772fce4d3f82fa9b11e21bbe0212e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b6d212c0ae4aa3f8e3136aa1ca1b0c5b

SHA1
d0f1dc6747d30a971e00f0d4d49bddac25c052dd

SHA256
fcf2dfdeb218c98617a8cccf6812143235912f41c093a995f02e607237a58fa2

SHA512
0df916936dec0228dcca55a91fe1fa34642bb8be973c4490f94dc5d5be67fc6d8c444c408c4c0ed0e83d29df479efee2d23f9e974f6cd1c147056951a3bf203f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0f10e897eb086effbb926c7c8ef806eb

SHA1
afb0320f9c695ca9fbdbe847eee3a4f236ce5fdb

SHA256
70dd1e9508ed582dc7f6c7abe60e963bd5b0e3671bee7eb6a8a2bb376652ed8c

SHA512
be426c3cf81894fa1d09b214aeecb72cf3afc55683100817e856604376a06cc0a4c8ddc124012ddb75dd6e1b3e63fb1a7e141a5c65bb95e3bc24baebf6ce599b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
dd7fe27671ffd34efd1f2d478ad8914a

SHA1
aaee3f93183f271b8d13986e9f027197bccf73d0

SHA256
2ba950161dcbf6af842a579923742e1c517e917e45ce34e656d713aae2770aae

SHA512
3ebb42661ada8531746d4a51f91f5e18249e6eca71884d2205363afd386fd4a87bd7f337361565e7ee9ae7f1c3f87fac484a36ed8e32b07944385eb37a52d357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
347005417bb294750d2be4c20ab3e1fe

SHA1
7a51738fdb7745a2494e103e4477468413d8db2c

SHA256
5cd216f71567f8271f6f693974d811f6e40d99304ee222ac25aba4e61269d087

SHA512
96c322aec0c876177a88ec18563635ce5d6be0b13686d4284ee515957ed8f1d912d469a968e0e54dc47c9d986ebeeb63bfb1e3e72e2ca4998e380c905037f780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5f5471806f632a353ae7aecf3b1c2890

SHA1
775e0004faa54da4ed6637d9773524470bdc5056

SHA256
f473e919f078172e5ef05a50f2e585675e4b6f274ac47219c6010f491b273d1f

SHA512
09448c953283cf41861fb5825462ba8c616b655798fda29981fd0d94be56c1d1b0b41e98680c056302c6b5746ec503d86f917e25638c542a759bfa795d268cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
924056e2e0978418f04bdde807c3750b

SHA1
0df4e24b954f5a4adb4bc8b8c6da53d4ef611a1f

SHA256
275f87bfe7d7b3826850632382f2b3ec278733cd78bcb83d6c3b48f47eed9f59

SHA512
6ab748e632c9d5f249e87ab40e893d9a1775d5e77ebf36f801b6df82fc0eeae57a40a669e57940698d71dc46271f187778f331c456014f56a1527f2beeffaed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f2fd575e81482fd8ad61cb5e521450dc

SHA1
066fa03cb19afda0959b6524a1d19f54cd6bd281

SHA256
31fb53a11e88646e4b03bfb5507ce68a3c48c75afda5d245171aa780a972aa67

SHA512
ec6b39fa97decbb9b767d4e976367501b6db64823f4e504368eeb6b09492dec1b1e3ff35650c1a8bac797045991e4a00c161ff649de283871bb8b3b01c34a33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7a7412a395aa1f340366976f4bf3fa3c

SHA1
613212c7ad1a7282f70e523f952e2f4c1d3143d0

SHA256
07a672863d9e078a2436fb5fc616d7aca9b745261295d3111cb7e04e6a77064d

SHA512
1e18984c308583973467d8a6e1df5d8b947279f102a6b4b95b2b13a050827d495dc2cf9188d3aeb3a890b012562f952f86348f7a6ea5476e1dd8f23c8a1f8845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
aa3ba302332013ee920f6f6e7c970491

SHA1
9c05f0a08af3a3625381d3073c37ee345f1005d1

SHA256
6a292e541eb67115a417fec02c936dee80eed9841070839488b915757c41dea2

SHA512
16921003af6fe231c9d14251cde1e450019012c1390a7dd38784ae8e3eb5126ed0d1faa1ff2ee817a39989bcbbb0a71afec34aa862d202cca90cc328aa877ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ba5f7fb0111d6ed0ad26ff275d361a52

SHA1
e4b27533bb0b1c0427e634c0e6eaf8636f1acb40

SHA256
c1507a8ff4337459f8fa44befa8bd6f00645283a3b7ef30cf4f68419245995fe

SHA512
ccb666bc5d00f6879bf98f7bbb14cc4cc8df5b79bdcad548d9fad187b94a08a16d3a834b4d20e5137d3a986ca524bb742ddda6ecb871d5940f0fadb5f695d806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
159afb5ad7e34a70650891d017ae9070

SHA1
76e9bd1af3f9d9401ea3549e7e2602f5d8354f6b

SHA256
f3bed1ed9debae06845c4981095426d82bc0e60920c7e7aec24a28e609ddadd2

SHA512
edcc90ec91e1a826f82437955544a8af1fdc39bffc5719361adaa5475aa038bfd20cdd91efb5a4b665f363137b4562f0dd155893693a257dcc52e7256b3616c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
5KB

MD5
f0988dc8cf03bbd48f7d1870700602fe

SHA1
d68175bea6fc6566956b07398ff40d0d2324d97c

SHA256
0d50f7cba97bb4bbd4468ba3b77772b36150c8f79e610604bc0aa848b7663830

SHA512
dff7ea7b59aa904fdb82bd2af42ab069aac9bb78de3eabe69777ff5b0097b98b7302234aca3a70951b02b2f4138954e18c493f4da67e046890aba777fc5c0b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
4KB

MD5
e5de60a4f31bc3569a0f8cdcca03f884

SHA1
2e93bd8205487a2bdc060adbf288934a06dfa3bf

SHA256
0f2f9f7abd33c50e9ed9939ddbcb992431fc9ab7f1d1430620272d5312363f1c

SHA512
2666816ac1bafebddfabc9693e076b041e5dd6897b502ec05fc7c53b5e6138b79f2f27e7a103ed46f9769032fa467c286e65b95cb1b7ab3b7be317bdabb75591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
Filesize
4KB

MD5
2bd09c78a20651280c155fe0e77d01a3

SHA1
16834757c1453bbae9ad9b25cadd6f0394176f2d

SHA256
ba4146381d62d017936116fe8f60e2622959cbe20bb713ec24f490bb9e1ca452

SHA512
868c796c713bf038358ace7d8aa20bb5a6f9ff4a090224d4590ae4710dafcd146a699a1304762a115b454deef2d6fcb705ccab798684154227643363ee5fe83f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
fa7534205a271b95a7aeb52fcdef7e91

SHA1
d6783495cb4660a6c9e242df239169e7b98b73c7

SHA256
7923276e276454454d1629b003a141fcf2c4dfd46d2ee8cf26984a620ad7ef96

SHA512
3ef786906ef76626b48762fc5858a4b529e107d169ba6e52bfadb18d8809716d0ad4a39d9b12bfa69a5abe0b8d56216a6e0b870fda3c7a06faf495836a0b5350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583e7b.TMP
Filesize
72B

MD5
1bffe27a2bffb7859d8305ec47f0b810

SHA1
e68581496e3a69a8b8f91d7e6d14025b48ad5862

SHA256
353bd28754ba8d8a498b2da296eb1c4fab597c3df42cdc480165dfec3e457a70

SHA512
9228c39595c8c825d961d39c2e74d4b32bde85dd78b8dc0f0892656572faad06eb71392b308a02f95fcec037c7476c48490e56fe8b67d2f292ef09524091e346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
1eb3f1d22759441e1dfc112862fb2e35

SHA1
4448b50eb2e9dd62497d4f40dbea05aff7eac87a

SHA256
474e1fe1ba1c725ae3e80e9778445abb414909928d9d5c25f2aa74ad11a0ae26

SHA512
3492d3612300688968201b372a375fbf1ba9363528c5670c78e0e7c3ac5109e2307d56b20a5ff34371db9f272a015062d83c2d78c6c6a27ccb39b0bae3d9fa67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
5090e0c02920b05d538d9c3de03e3ae2

SHA1
3a224d108cd8297c09604d85abeb9bb8b30975e0

SHA256
c6defa05a9b24318a0c0b0fe3cce50e8c328c0c763f43b79cf2cb89a152ced43

SHA512
d906505e01344f40065512ce8ea0a96f8b9463ccba2c41e6f87282c60a8f265875b561f2929c28e34c1f41668fda44c2033395ff66d1d1d5d2cd4b2909545560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
3fcf2370802645829be4b589c1b99c05

SHA1
15e1f82af939be8cf09537b55475b0f3b1d0a99e

SHA256
8ffd5eee5f91d67fd5f13805f785768266d5299bf8ba436add29a634a672185e

SHA512
acabbb21b8af52cfd982cd10103698e15fa460b623b9e2c43e8ccca75cc4e017f688ed4d451a53769e3a414dad37cfeeac4f04be1cabf37f379ed4f9d5b8de7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
0d81449b99c4d02087465d92a41ae16f

SHA1
b08e2633f76969af882da0acc59b8cd0b16f1e6d

SHA256
2d3eee30cb6ba2dee76adf77e3f9674276db849fa151fb2583960a1e1acdc047

SHA512
8e257b0bfffdf11fd053aa4713b7490dc50b899883e58b84ea5bcfe8881783ca474c2728c751d537777082167c770ad0156babbf16fddfe64c4c465b4a7af183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
70ec29453f3ab854baac2d67803fcddb

SHA1
f27c0cd0e8f7bb49bdb00c3a95ad73f6f14e1485

SHA256
78c7e9340ffc5c56df0a8a4fd8de45521a5ed029c9258b9b3038e1db56558ce6

SHA512
3a546a7f85a6eb2d96d34e8297e61b7e5986a0672754930cd3d3480c39a2fba16b6c3942e9b357cafbe2afece90707f3353398d658fa7a0dafd52a6959f58b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1652_YVCRSVFGNGZHZHCJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit