hxxp://example[.]com

Resubmissions

11/04/2023, 18:03

230411-wm463sfg4t 7

11/04/2023, 18:00

230411-wlawvafg2t 7

Analysis

max time kernel
149s
max time network
154s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
11/04/2023, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://example.com

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp

Executes dropped EXE 1 IoCs

pid	Process
4480	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp

Loads dropped DLL 3 IoCs

pid	Process
4480	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp
4480	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp
4480	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257096236959970"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "652"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "23"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "543"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "3718"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total\ = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 59f3539f9f6cd901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000004a976e1b6b3b3dba61fed43e9379f8f0cdbdd43aa2dd3b3c381cf8579a175124dee21ecdd03f1093ecff7f23049d567bf461854270a24deb98bf77f04a36916e08869ff0555eda3a07b091ef00caacea8d94ff3955b10eae1c6	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "3718"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "604"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 77d59bfe5145d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	32	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2440	chrome.exe
2440	chrome.exe
6992	chrome.exe
6992	chrome.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
4572	MicrosoftEdgeCP.exe
4572	MicrosoftEdgeCP.exe
4572	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe
Token: SeShutdownPrivilege	2440	chrome.exe
Token: SeCreatePagefilePrivilege	2440	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
4480	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe
2440	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4480	Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp
3616	MicrosoftEdge.exe
4572	MicrosoftEdgeCP.exe
4572	MicrosoftEdgeCP.exe
3680	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2772	2440	chrome.exe	67
PID 2440 wrote to memory of 2772	2440	chrome.exe	67
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 3556	2440	chrome.exe	70
PID 2440 wrote to memory of 4844	2440	chrome.exe	69
PID 2440 wrote to memory of 4844	2440	chrome.exe	69
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71
PID 2440 wrote to memory of 1316	2440	chrome.exe	71

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://example.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc949c9758,0x7ffc949c9768,0x7ffc949c9778
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2772 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4220 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2688 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5444 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4292 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1504 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5768 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  - Modifies registry class
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5956 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6128 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4692 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6396 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6796 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6964 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7104 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7304 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7716 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7628 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8308 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8160 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8008 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7756 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8480 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8312 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9092 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8956 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8960 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8764 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9568 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8472 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8872 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5340 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=4720 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9576 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4760 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4856 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5360 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9252 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4620 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7920 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4772 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4864 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7964 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6708 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9220 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9276 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4828 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7988 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9488 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10100 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7872 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9808 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10080 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7032 --field-trial-handle=1868,i,3851051056503698616,9314063100459230583,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Temp1_Naval Warfare Script 2 - Linkvertise Downloader.zip\Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Naval Warfare Script 2 - Linkvertise Downloader.zip\Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.exe"
1⤵
PID:684
- C:\Users\Admin\AppData\Local\Temp\is-PAFLV.tmp\Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-PAFLV.tmp\Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp" /SL5="$40224,1785071,899584,C:\Users\Admin\AppData\Local\Temp\Temp1_Naval Warfare Script 2 - Linkvertise Downloader.zip\Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4480

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3616

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3552

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4572

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:3980

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\659014d2-3738-4330-a6f7-4d1821c5b1c1.tmp

Filesize
5KB

MD5
3404541962bdccc42acb48a62c30662c

SHA1
2c7a62a7756392000274d1ce223cd672ec21c570

SHA256
5fc5801fe02ae51579c3ef9f5453c520d715aa087a61bb32272c299eb21209e1

SHA512
4434f71da004f6688b2ec9dcd239d54ea4af7bf1bf9be7a78d3a0519888085ec40ac6e8244091aa6e15848b0a56ad5427a2a9502ac3ef3daf19165fb6cf6a9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
04cfff012007209ba74194e4f1c4cb62

SHA1
264a6fde08d1f79551dab2c575ca91ab7da4a81a

SHA256
b49b3c145ce2ce2f52c03b57c5dac6838c486a49d606de1dd33279410890a4ca

SHA512
64e6e2d5baad83eadaa84ea6ef050bc01a6e8baeaa2debb39d07a977d4be6ff4c9c98e8ac35bb09784dab68b247b297e8164594e184ca0fb6ace0d4046dd83f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
8067d29b158be2408828d262d6b770bf

SHA1
95530efb9c755ec1cbeb950d0d06f8a12c27fd8b

SHA256
b7f79d13e0d2eb882a874c1b35dfedd4a224225af820d9d61bbf2645cb00090a

SHA512
3558b5ff517d57bdac985c397c755a7111dc7f4b204159b89add40a07d118411e9933e2a36cf6c2f9b02be5d374a638535731b3eba37ca1b61274c2fe8c5e850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
957cacc30ccda357bb502f65736c7516

SHA1
98695e987a6efa263f4b57b1cfec1e8419b0d710

SHA256
b10c5b228df90fa76f7bb6941141649a5bb4697aa793e86c2eaecdd5ba1b80bc

SHA512
a1b6ee9ebca9e4d9b28df7aeca093767b8c0103908baef65ab6fc9ac1df5e1858aaa5a0d055cbedad30771719f72cfa0ab3cfd63e03e226d04a18f504e640e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6305cecb93a5c820534aae8f4f5676c8

SHA1
21ea499d1bc7929a18fede27216643cbb7de1d93

SHA256
7d0c81d4958210dfabcda6bf5b7cae5fa761745b595fc49971b0959f2792ab19

SHA512
00c57382a499ba1ac0fb02cb9de2ab2be16df34b8744238678d9a05bcf7229eceaec396cf05d26c7feaf6fa262bf9fc5a1b038008f36ec9fefd317f4c048bb49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
e53b7e3c449dad96fa5ca39161d7f538

SHA1
acba35f1fe8b53668b0e8d7cccfe150f2953e4a2

SHA256
d8c6e7931fa74e698ee2bff22c1546708de0bb536d66f9933894d396da1822c0

SHA512
d202b71ee0ec795a9e834ee0a898c1f0e391e90f96a00802963e885c04fdf4679881a21bd22f13faa6de96d8e82c3fc9f4c5e42ec667aefe6b9ee88a3bb86ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
f699ebe63cd4e95315ae4c1dabec7a2a

SHA1
2c1d1f88a0ade61d83928887c3a2bd647869b52f

SHA256
a9600d44f91d56d2ca095d494e35ed473e16f5ea159ec0ac3804aa915f5dae93

SHA512
92b6128ce401d2ce9357fa6c801e3e78f13206ce9f2d40f77ba38da87ed60b0ef7a06a827485bfea7cc0ff7688e988bdbd87fd63f107eb64638d1b24ad032efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
6eca4e1d75f57074925dada7c9ede547

SHA1
27e3256456e54255546a76f7c5bb332e72a4a8e6

SHA256
2b7dccbb4dca39abe6a58bba5a946bdda2cb7aecd9f0ac7f5f7419fba71841ac

SHA512
2635f769a3366f01f8609c438eebe8cacf24dda1511659d86e961e6193d8de09d7015eb9995ba662cb0177b2cdcf7dfbaca4e79e478bc5b9d501bf5e9f696760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
50d67565fa128ca6c5bcc770359ce924

SHA1
6df0264ea1b11c681e5ca10dd9c49316abf040d0

SHA256
7ed688329ed8facc01ba967fbafdb439d6fbd5dc50934187acbf45adb9580ac2

SHA512
9e4f8090165f5e98449c338c56dc946c6a93d3b9cb829ad036199fc8222bc0f2e06577abcc12d7c00eb2fb835f355b96f6944f04aa5920c89d341461c58dd9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ff822b216dfe661e931ea8f9ba9165b

SHA1
ef664bc4861e5bd9a8bdb7c42626b78263ee9d92

SHA256
35402aa3237f9f100903ad112cdaf6c21da639e460aa53c8ef3a4030ad2fe1d3

SHA512
2f822c9200eef6836d6b64dbcc5c860f9bab644048be963bd1bb5398788edf74a3e0703e8f8088b05efdf21a566d1cec8377af6119a80804c979adaa8baceb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1c8801073447ccbb7f696fde9475b50

SHA1
922dd884142f92ed352420610910eb6a5647e340

SHA256
65c91636cacea125a1ebaf578b2e507c47df918588d7dac6c768d19c6afcb7ce

SHA512
6e155ea34efc01154f7c9bb45a4db2e3ad2b79436378e78c9caab3c851ca2cb223169aec053d66c7c8ca35c8848206f5cf6da00fbbacfdfc2c8f3bec531fb02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
465133a7cfe68bb95302a285df47a657

SHA1
3e5d761e3a4a995188c3f4bf4db6be79abab3d53

SHA256
20d48e34ff42358252979fffbe44800eee2527f8264d9fbf6f00b86893fa9be4

SHA512
099f7956b44790366f55a77a0a8efb798444806939d6906240a1a94fdf520788340fb91addac0edf799d20c60eedbeb4be25cf56b227699925965f16a53d726e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
eaa598e030f44798dd333c1f312d7075

SHA1
5e8b39e9bb30ab96bb7bdb6ea0809b976073c6af

SHA256
7f28f317e1078a6564451e232d75c925ddc429dc5b21c83ef637db8116426a61

SHA512
3f7849f21dfaca75239663bad26d57e6cc6bda321c9510283cdc0de30a18b095ab74b1c1c9b9229bf980b64f4d8c0036a7be4a6f1ccc9cdd8b0708a2f372ca7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
6b9977116c853f0bb70b39d71e100f6f

SHA1
dd91d6b7441d292c5f71c90b1149c4d49ca5436d

SHA256
1cb6ae618242a5a5fb760d30d481c8d08a7f838c55b1c8172f0ed6ecae9429a9

SHA512
7b2bc5b8823904488fcd9a9065c93abfa2781d5fd87ecafd74e90c0cee850d23126329d5a12ec4663e1603cf06e3974e680b48acc31b59a3920219cf3ba4820f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
0fb37f6564f1a44259daa05411d03f84

SHA1
4525d82aaa05363318fa9313e40d4c389f56c440

SHA256
d9eeec9f9d25ebb66ef59f62618e02ec93be6b8b3d1b99d39c6ae544abe4c97f

SHA512
8e7c240a41c57cc4424dd9f661b97edf1635850770e8b6e46c0a5f77ab163e6c316bb010bf8f4024c506ff270a6dd4d49397319a79fd7006b5ba17afbddec0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe576513.TMP

Filesize
93KB

MD5
ccc5796b08b7e50c6ba63a2468d6ab37

SHA1
c99059afc283d91a93cab1e471b8e3576e137fa4

SHA256
e126cbf43eccc7a1ae048ef1c203bc5c74c98b9ba6370177d6e195d181e68389

SHA512
95472e421c6977a19945b0511a61e4802d6ecd57c7b700c10bae512c1133832856af1219f5a99843f6b618c3e27d7c26ea16247b0acf2ca51bcddf86da997d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MWNN3C24\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4OQ2Q.tmp\loader.gif

Filesize
3KB

MD5
d35d95fc6bd8be33d3ce5da2630b90bd

SHA1
be2fb4098a151f6c77a85ce8c274a3054a61178b

SHA256
dfa608be394c8f6d19aff352185917720f04072ac0412a8cab1174fec4939c08

SHA512
078fa3cf9c08c8bdaa554a52b153a159f537de3ee0ba923d64928cdd99b4f2528b4eb229c1b2352b946ef417efd478b453588a6cda1afc91b374e709afc730e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4OQ2Q.tmp\side-logo.png

Filesize
24KB

MD5
e2d3022fb249af38288c47246bc60228

SHA1
bf7a44230ec7dc0f45e89224a6fe821d25f91f55

SHA256
9a7462e436d86f26ae9c0808b30810b8d2fd25ceef7af24ff09a1af32e63e2a9

SHA512
510d60ed51bc972b6bb3ac80a86d31b6d797a1af0a3ffce068089f0adf39d6591471de7ef7f21ecaccb67255e57bbe04786534256a12bcae5017078df56f12cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PAFLV.tmp\Naval Warfare Script 2 - Linkvertise Downloader_fe-ESs2.tmp

Filesize
3.0MB

MD5
eaf2c9683c1424abb77a6104b339fda5

SHA1
82fe536dc66036a759f620003f324bc726192da0

SHA256
a2c20488f11814b0bb8eb471f364c58d8f16a34fb526b84ccb97d15b98450d9a

SHA512
49d9482bb2f41aa87654d22f3ffc31abed183ac68545cef87125de932cf745f8c68a31d17e142c4a4f0f21e2bf1edab8cda59ba2b1b1827f8c84837352196bf1

Download Submit
C:\Users\Admin\Downloads\Naval Warfare Script 2 - Linkvertise Downloader.zip.crdownload

Filesize
2.0MB

MD5
7dd7a9641fd6fe05b75e117a316a7394

SHA1
92fc2c958c6bad98e5cc3f19dd07b646795333ba

SHA256
34fc4bac92d431175865e38f201438b7647e8f891eac2409a2c8ba76d5396e31

SHA512
0ddd17e9c8ec81ed7dd7b97dbb4b0cebafd6e5d4be90e36ee598eb9887add28b35c7864ba7490dacc5d127ba23fe20b0fb8e758959fa96e3fccbd6052850a740

Download Submit
\Users\Admin\AppData\Local\Temp\is-4OQ2Q.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-4OQ2Q.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-4OQ2Q.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
e1f18a22199c6f6aa5d87b24e5b39ef1

SHA1
0dcd8f90b575f6f1d10d6789fe769fa26daafd0e

SHA256
62c56c8cf2ac6521ce047b73aa99b6d3952ca53f11d34b00e98d17674a2fc10d

SHA512
5a10a2f096adce6e7db3a40bc3ea3fd44d602966e606706ee5a780703f211de7f77656c79c296390baee1e008dc3ce327eaaf5d78bbae20108670c5bc809a190

Download Submit
memory/684-233-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/684-189-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/684-292-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/3616-274-0x0000022E12540000-0x0000022E12541000-memory.dmp

Filesize
4KB

Download
memory/3616-237-0x0000022E11E20000-0x0000022E11E30000-memory.dmp

Filesize
64KB

Download
memory/3616-255-0x0000022E12300000-0x0000022E12310000-memory.dmp

Filesize
64KB

Download
memory/3616-476-0x0000022E11FF0000-0x0000022E11FF1000-memory.dmp

Filesize
4KB

Download
memory/3616-276-0x0000022E125F0000-0x0000022E125F2000-memory.dmp

Filesize
8KB

Download
memory/3616-279-0x0000022E16B00000-0x0000022E16B02000-memory.dmp

Filesize
8KB

Download
memory/3616-278-0x0000022E169E0000-0x0000022E169E2000-memory.dmp

Filesize
8KB

Download
memory/3616-469-0x0000022E168A0000-0x0000022E168A2000-memory.dmp

Filesize
8KB

Download
memory/3616-472-0x0000022E12540000-0x0000022E12541000-memory.dmp

Filesize
4KB

Download
memory/3680-433-0x000002F871260000-0x000002F871280000-memory.dmp

Filesize
128KB

Download
memory/3980-341-0x0000017FB3070000-0x0000017FB3072000-memory.dmp

Filesize
8KB

Download
memory/3980-343-0x0000017FB3090000-0x0000017FB3092000-memory.dmp

Filesize
8KB

Download
memory/3980-339-0x0000017FB2FB0000-0x0000017FB2FB2000-memory.dmp

Filesize
8KB

Download
memory/3980-336-0x0000017FB2F80000-0x0000017FB2F82000-memory.dmp

Filesize
8KB

Download
memory/3980-328-0x0000017FA0A00000-0x0000017FA0B00000-memory.dmp

Filesize
1024KB

Download
memory/4480-280-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/4480-236-0x0000000003930000-0x000000000393F000-memory.dmp

Filesize
60KB

Download
memory/4480-234-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/4480-222-0x0000000003930000-0x000000000393F000-memory.dmp

Filesize
60KB

Download
memory/4480-203-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/4480-290-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download