
Windows Analysis Report
https://mail.kb4.io/XQlAraGFuWWVqM1UzeXhHbzVFWnBvVEplMEEzeWFqSmhXcmJxQ2UwRDN5SjNoWWZucUt1eitWUCt2ZmZzNllobFU0cG5VaTA1QzdZVXM0YVNqRjJaNXZ2TDNDQXA1ZEtmV1ZBbnlackpZVGRPUFZLUm1wOEZHYmg0MWp0QVFiM2lOU291RGZLUlFoZkRhT0NINEE2SFZxRkcxZ1Rqak04U20wbWhSa3pZMVhpY3NROXB4enYxL2RVU1B2bz0tLXJKakJIWDMzVS8xcEFveUstLUZ

Overview

General Information

Sample URL:https://mail.kb4.io/XQlAraGFuWWVqM1UzeXhHbzVFWnBvVEplMEEzeWFqSmhXcmJxQ2UwRDN5SjNoWWZucUt1eitWUCt2ZmZzNllobFU0cG5VaTA1QzdZVXM0YVNqRjJaNXZ2TDNDQXA1ZEtmV1ZBbnlackpZVGRPUFZLUm1wOEZHYmg0MWp0QVFiM2lOU291RGZ
Analysis ID:1486301

Detection

Score:22
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid 'forgot password' link found
Invalid T&C link found
No HTML title found
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mail.kb4.io/XQlAraGFuWWVqM1UzeXhHbzVFWnBvVEplMEEzeWFqSmhXcmJxQ2UwRDN5SjNoWWZucUt1eitWUCt2ZmZzNllobFU0cG5VaTA1QzdZVXM0YVNqRjJaNXZ2TDNDQXA1ZEtmV1ZBbnlackpZVGRPUFZLUm1wOEZHYmg0MWp0QVFiM2lOU291RGZLUlFoZkRhT0NINEE2SFZxRkcxZ1Rqak04U20wbWhSa3pZMVhpY3NROXB4enYxL2RVU1B2bz0tLXJKakJIWDMzVS8xcEFveUstLUZ3Z05rRGh0Umlydi9waGJRcUpVeWc9PQ==?cid=2106172740 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1912,i,3803306437769763996,1968567763980251616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: https://secured-login.net/pages/4c2f13e264408/XQlAraGFuWWVqM1UzeXhHbzVFWnBvVEplMEEzeWFqSmhXcmJxQ2UwRDN5SjNoWWZucUt1eitWUCt2ZmZzNllobFU0cG5VaTA1QzdZVXM0YVNqRjJaNXZ2TDNDQXA1ZEtmV1ZBbnlackpZVGRPUFZLUm1wOEZHYmg0MWp0QVFiM2lOU291RGZLUlFoZkRhT0NINEE2SFZxRkcxZ1Rqak04U20wbWhSa3pZMVhpY3NROXB4enYxL2RVU1B2bz0tLXJKakJIWDMzVS8xcEFveUstLUZ3Z05rRGh0Umlydi9waGJRcUpVeWc9PQ== (all findings below refer to this page)
  Matcher: Found strong image similarity, brand: GOOGLE
  HTTP Parser: Number of links: 0
  HTTP Parser: Invalid link: Forgot password?
  HTTP Parser: Invalid link: Help
  HTTP Parser: Invalid link: Privacy
  HTTP Parser: Invalid link: Terms
  HTTP Parser: Invalid link: Help
  HTTP Parser: Invalid link: Privacy
  HTTP Parser: Invalid link: Terms
  HTTP Parser: HTML title missing
  HTTP Parser: No favicon
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
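The HTTP Parser findings above are simple structural heuristics: count the anchors that actually lead somewhere, flag footer links whose href is empty, a bare "#" or a javascript: URL, and note a missing title, favicon and author/copyright metadata. The block below is an added example, not Joe Sandbox code, that re-implements those checks in Python over a constructed login page; the link threshold, the regular expressions used to recognise "forgot password" and terms/privacy links, and both sample documents are assumptions. The image-similarity matcher is not reproduced, since it needs a brand-logo corpus.

```python
"""Structural phishing-page heuristics of the kind listed in the report.
Added example, not Joe Sandbox code; thresholds and sample pages are assumed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LOW_LINK_THRESHOLD = 3  # assumed cut-off; the sandbox's real value is not on this page

# Constructed sample: a cloned sign-in form whose footer links are all dead.
SAMPLE_PHISH = """<html><head><meta charset="utf-8"></head><body>
<img src="logo.png">
<form method="post" action="/submit">
  <input name="email"><input name="password" type="password"><button>Next</button>
</form>
<a href="#">Forgot password?</a>
<a href="javascript:void(0)">Help</a> <a href="">Privacy</a> <a>Terms</a>
</body></html>"""

# Constructed sample: the same layout with real links and metadata.
SAMPLE_LEGIT = """<html><head><title>Sign in</title>
<link rel="shortcut icon" href="/favicon.ico">
<meta name="author" content="Example Corp"><meta name="copyright" content="Example Corp">
</head><body>
<a href="https://example.com/recover">Forgot password?</a>
<a href="https://example.com/help">Help</a>
<a href="https://example.com/privacy">Privacy</a>
<a href="https://example.com/terms">Terms</a>
</body></html>"""


class PageFeatures(HTMLParser):
    """Collect title text, favicon presence, <meta name=...> names and anchors."""

    def __init__(self):
        super().__init__()
        self.title_text = ""
        self.has_favicon = False
        self.meta_names = set()
        self.anchors = []          # (href or None, visible text)
        self._in_title = False
        self._open_anchor = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "link" and "icon" in (a.get("rel") or "").lower():
            self.has_favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "a":
            self._open_anchor = [a.get("href"), ""]

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "a" and self._open_anchor is not None:
            href, text = self._open_anchor
            self.anchors.append((href, " ".join(text.split())))
            self._open_anchor = None

    def handle_data(self, data):
        if self._in_title:
            self.title_text += data
        if self._open_anchor is not None:
            self._open_anchor[1] += data


def is_usable_href(href):
    """A link counts as 'good' only if it points somewhere: not missing,
    empty, a bare fragment, or a javascript: pseudo-URL."""
    if href is None:
        return False
    h = href.strip()
    if h in ("", "#") or h.startswith("#"):
        return False
    return urlparse(h).scheme.lower() in ("", "http", "https")


def phishing_heuristics(html):
    """Return the report-style findings that fire for one HTML document."""
    p = PageFeatures()
    p.feed(html)
    p.close()
    findings = []
    usable = [a for a in p.anchors if is_usable_href(a[0])]
    if len(usable) < LOW_LINK_THRESHOLD:
        findings.append(f"HTML body contains low number of good links ({len(usable)})")
    for href, text in p.anchors:
        if is_usable_href(href):
            continue
        findings.append(f"Invalid link: {text}")
        if re.search(r"forgot|password|reset", text, re.I):
            findings.append("Invalid 'forgot password' link found")
        if re.search(r"terms|privacy|conditions|policy", text, re.I):
            findings.append("Invalid T&C link found")
    if not p.title_text.strip():
        findings.append("HTML title missing")
    if not p.has_favicon:
        findings.append("No favicon")
    for name in ("author", "copyright"):
        if name not in p.meta_names:
            findings.append(f'No <meta name="{name}"> found')
    return list(dict.fromkeys(findings))   # de-duplicate, keep first-seen order


if __name__ == "__main__":
    for line in phishing_heuristics(SAMPLE_PHISH):
        print(line)
```

On the constructed phishing sample every footer anchor is a dead href, so the good-link count is 0 and the title, favicon and author/copyright checks all fire, which is exactly the pattern in the report: a cloned sign-in page where only the credential form is wired up. None of these checks is conclusive on its own; the sandbox combines them with the brand-image match before scoring.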
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 27MB later: 36MB
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (6 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108 (1 occurrence)
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27 (17 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (12 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10 (4 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50 (10 occurrences)
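The "traffic detected without corresponding DNS query" entries come from correlating each observed connection against the DNS answers seen earlier in the capture: a destination that no answer ever returned is flagged. The block below is an added example, not Joe Sandbox code, of that correlation in Python over a constructed event list; the resolver address, the RFC 5737 documentation IPs, the host names and the event tuple format are all assumptions.

```python
"""Correlate observed connections with earlier DNS answers and flag
destinations that were never resolved, the logic behind the
'traffic detected without corresponding DNS query' entries.
Added example, not Joe Sandbox code; the events are constructed."""
from collections import Counter

# Assumed configured resolver; its own port-53 traffic is unresolved by definition.
RESOLVERS = {"1.1.1.1"}

# Constructed event list (RFC 5737 addresses), ordered by timestamp:
#   ("dns",  ts, query_name, [answer_ips])
#   ("conn", ts, proto, dst_ip, dst_port)
EVENTS = [
    ("conn", 1.0, "udp", "1.1.1.1", 53),
    ("dns", 1.1, "login.example.net", ["203.0.113.10"]),
    ("conn", 1.2, "tcp", "203.0.113.10", 443),   # resolved just before: not flagged
    ("conn", 1.3, "tcp", "198.51.100.7", 443),   # never resolved: hard-coded or cached
    ("conn", 1.4, "tcp", "198.51.100.7", 443),
    ("conn", 2.9, "tcp", "192.0.2.44", 443),     # answer arrives only after the connection
    ("dns", 3.0, "cdn.example.net", ["192.0.2.44"]),
    ("conn", 3.1, "udp", "203.0.113.99", 443),   # UDP/443 to an unresolved host
]


def unresolved_connections(events, resolvers=RESOLVERS):
    """Return (proto, ip, port) for every connection whose destination IP
    was not returned by a DNS answer earlier in the capture."""
    resolved = {}   # ip -> name of the first query that answered with it
    hits = []
    for ev in sorted(events, key=lambda e: e[1]):
        if ev[0] == "dns":
            _, _, qname, answers = ev
            for ip in answers:
                resolved.setdefault(ip, qname)
        else:
            _, _, proto, ip, port = ev
            if ip in resolvers and port == 53:
                continue                      # the resolver itself is expected
            if ip not in resolved:
                hits.append((proto, ip, port))
    return hits


def summarize(hits):
    """Collapse hits into one report line per (proto, ip), in first-seen order."""
    counts = Counter((proto, ip) for proto, ip, _ in hits)
    return [f"{proto.upper()} traffic detected without corresponding DNS query: {ip} ({n}x)"
            for (proto, ip), n in counts.items()]


if __name__ == "__main__":
    for line in summarize(unresolved_connections(EVENTS)):
        print(line)
```

The heuristic is noisy by design: the resolver always shows up unless exempted, and so does anything the browser reaches from its own cache, from a resolution made before the capture started, or from a fixed address list. Treat each flagged destination as a prompt to identify the host, not as a verdict.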
Source: global traffic | DNS traffic detected: DNS query: mail.kb4.io
Source: global traffic | DNS traffic detected: DNS query: secured-login.net
Source: global traffic | DNS traffic detected: DNS query: pluspng.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | Network traffic detected: HTTP traffic to port 443 from local ports 49673, 49678, 49705, 49707, 49708, 49711, 49712, 49713, 49714, 49715, 49717, 49719, 49720, 49721, 49722, 49723, 49725
Source: unknown | Network traffic detected: HTTP traffic from port 443 back to each of those local ports except 49673 and 49678
Source: classification engine | Classification label: sus22.phis.win@15/12@12/135
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://mail.kb4.io/XQlAraGFuWWVqM1UzeXhHbzVFWnBvVEplMEEzeWFqSmhXcmJxQ2UwRDN5SjNoWWZucUt1eitWUCt2ZmZzNllobFU0cG5VaTA1QzdZVXM0YVNqRjJaNXZ2TDNDQXA1ZEtmV1ZBbnlackpZVGRPUFZLUm1wOEZHYmg0MWp0QVFiM2lOU291RGZLUlFoZkRhT0NINEE2SFZxRkcxZ1Rqak04U20wbWhSa3pZMVhpY3NROXB4enYxL2RVU1B2bz0tLXJKakJIWDMzVS8xcEFveUstLUZ3Z05rRGh0Umlydi9waGJRcUpVeWc9PQ==?cid=2106172740
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1912,i,3803306437769763996,1968567763980251616,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (12 occurrences; image path and command line reported as unknown)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (a leading number is the count of matched signatures mapped to that technique; entries without a number are the matrix's unmatched placeholders)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
Defense Evasion: 3 Masquerading; 1 Process Injection; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
