hxxp://outoctillerytor[.]com

Analysis

max time kernel
209s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 05:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://outoctillerytor.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342187400664008"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2944	msedge.exe
2944	msedge.exe
1464	identity_helper.exe
1464	identity_helper.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
6472	msedge.exe
6472	msedge.exe
6472	msedge.exe
6472	msedge.exe
4616	chrome.exe
4616	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe
Token: SeShutdownPrivilege	5616	chrome.exe
Token: SeCreatePagefilePrivilege	5616	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe
5616	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2188	2944	msedge.exe	43
PID 2944 wrote to memory of 2188	2944	msedge.exe	43
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 4540	2944	msedge.exe	87
PID 2944 wrote to memory of 2240	2944	msedge.exe	86
PID 2944 wrote to memory of 2240	2944	msedge.exe	86
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88
PID 2944 wrote to memory of 2024	2944	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://outoctillerytor.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca57846f8,0x7ffca5784708,0x7ffca5784718
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7671844885295720166,15285543968642069239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc927f9758,0x7ffc927f9768,0x7ffc927f9778
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:2
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4864 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:6448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:6528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:8
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3952 --field-trial-handle=1852,i,13326488467321816296,15856455176264526744,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7107f826fb37e49f895da8f89eb765c6

SHA1
842b9d938bdd5903217d602e9f964e62e46d7f6e

SHA256
373bd49cbc822057f65d94a0592cc9aa7b6603d65dd5d05dcb4d305df2ab931b

SHA512
3be402579a831f4d20bf1457a0c0c3ba7ed85fe01ed55aa904925ba5d363c73addd67f316bdd861796d48391d44ccf10fbc637452102c5c0617a218022b18f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8a190bac7bcc3fafba136702ea1c9927

SHA1
4f9492ff82ddc2850dfcc90465b171d4ec6740d5

SHA256
ecedceecd02f6e054c2ca25b8866ca7fb7b3400ca1fb018f31a06f456ccecafd

SHA512
4b71216f4997c0ca2ca705def551040ec0210b1d2b70174289225188d9d13e1be28cd7f775cce4f5ac19a8f3b647dc51d4c003cca7099efbd82b61ae28858075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3440f49a08d76c70a5bf5aa81a72a38

SHA1
13649f311a217b1cd863384cfa27aa4730a72556

SHA256
ab7de353edea21fb21618e7d0e51bcd7e315caca6ffcf608aa7bf3d8bf450197

SHA512
a70c072679c64e2ce85e36316f5b687ed8f92c13d4ed00229dd5d3a1abb2789c85bf8ffe88cbdc7728099d266c48c0b318a6e1d8c56ed1b652bcc7ecfa2329f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e8187e1d4b052321e4bef2e1144019b

SHA1
8a9a050f07e2457aca14781a3180cc485aeae8b6

SHA256
f1bedb09ee50224c9c8b64693322ec53d4f9c9ae9a86a800dbc07a96f409c37d

SHA512
2cfeaade6c159da840040eeefc1fa859beb5bc68e0f912ac08fb9cd656f8b00f0dab5bebf146c6e4cbd839b870f3466df72a054d1a0449b249c7f29379430ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
95fc97422a12118286d2a10d89aae354

SHA1
75d9cd05a4f576eb4d30b98c78180b9832fd6119

SHA256
16727f6def6247318ad80eafde5acdcb35fd34c877344126f90061d155dae220

SHA512
d0cf6276fe06b60d8e07350cb5c7c031c4e754f0865f348c11e74b039acf290c357d41033b6f611035ac72cd5b8a90f884ac47fc821d42806a09fa720f470b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
f73590a56dd19c6a2314ed41048ff15e

SHA1
6aa4a0317ec4c19149e10eb261f741b0527a6a4b

SHA256
9a8cca28046eff9ab342a30bdda648e90a0350d34f36153164d7f93bf7d5889b

SHA512
32ba77d0fa49091469fa5fb59fb0ffaae28f71d9aaa7fe04afabbf9a8b6b775e56d1435cdd7590d96f1779c8f6c7d28876682b1f353c680e4ab462a90f08aeb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
8512ade8f15867fcca30085e0822d61c

SHA1
46292f5a1cafc8d07aa8ce8149b3bf0f577056c9

SHA256
6a3caf5b60b8d90b6a9fc74050f60d40790daceddf03346eb425dcc7fc1b6274

SHA512
85b9e2fc914dddcdecd7e8c29452855851d473d33a8d903accef3e074e3ba049612b8c5e474068814a8e36e34004b5459f3833b43b6ee6471acf7eb64019e097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
d651717355244664bb6b61e523de177d

SHA1
1c85cd72632ec00f1f966d95858f6391947aed82

SHA256
8ce1dec0a20f03c3d680271b038df9dfdbc70ceb4a0f5ce09d057d8d910edc46

SHA512
a30904897484b618bdd153015093502c3c219f3c9cfb6864e2238c198e695635b8ef9b75492292122dd3df34dd2618959927c0c3b46ed095ba0e08947e2cc802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
b3456c4865f2006a0e281549f9efffaa

SHA1
53e035e215634e5df2ed815805cc4a08aa2f32bf

SHA256
5154be8c3a97882596a29888245f7cc9bbf7c671b6bd4cb2801c6ad397e8bf4a

SHA512
af52c47a6d3bf8827c2794e5f0f72a05f6f69399459c0fed180e636dff729477cca18fd2d28fcf69b4f54c60560378642f4daeead7b3b8146d9d87a4af8bac5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
9c3210963942cace4bbd667437387116

SHA1
74f80bd3d000db929966760b13c2c6c829cf69ef

SHA256
d2fbc933172828de40496651182d9e7ba14b9e75db7c311dfcf6df409ed10b38

SHA512
0e34d12f7e4c25ce762fd83a99b82029aada4c47a33d0bed3c8d8565c8d36c089e5ee5610eaf93fe957aef9380600da478aa407e338e05704277061a266ed7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af0bb7172f2e10b303551bfe4ae5a923

SHA1
4254473027d7032a7dd80a0b4d2bddd5a3b127e6

SHA256
7cdc4621f1a82004fe881f9f37bf33c4fc14269c9218e86ae06433cd8dcbc7b9

SHA512
d4cfd12cf817ea39520164d4fab02a61983918a2e8c249f1ed46f6eaf82ae64dda55ab671a21e42acb9f0fe2252f78e55af773eedacf126bee5ce9a3547bf566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
536851db7de3f491f66675ed2e0c8a5b

SHA1
9ad4cf056bcbe8dca36cb55ca804a67b4ed5c32f

SHA256
7bb4934479e7277649572f24d030b4724f3f931e9f11c969db459c3475326da8

SHA512
22988eee4df6fdf95889f783084097cf439fc4c4acf174e238f8f577cc7a1415306ccb62952bb5581b8e5e5c322b1a5f5da392904d5ffdcafce1d0878d548f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
64ad184338633f4a2fa35bc775b339de

SHA1
c13d042cc5f4cf1a132b51c1e42252e054e1e948

SHA256
672c501e6e60b288e3f8b31350b7162852ab8ef9ce739b1381461d6ae8d659ee

SHA512
f469c4b078c683826ba42d872beeb10add764be7a298a14be5cf31cd5ece1cc396a2a82fd1360f7c7994feea2427434e552ae884e0aba5a2d2858e9c4f867dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9700dccc95831ac10a3f12abe69594f4

SHA1
229b004d6cc5e1f569c5f6ec3fe00b426358b8ae

SHA256
85be4c7a0c265be773dae8a29626e4e4810fc8463260e3fc0c97846d42041aa4

SHA512
7a001e22376e63e0e9bc83ad320465967958000657e8099572bcaca8b3152886a8f12e4a27fe32cfb5f82467c20674d01f155659bb419685a25970652f4f3fbd

Download Submit