hxxps://www[.]microsoft[.]com/en-us/software-download/windows10

Analysis

max time kernel
90s
max time network
304s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-02-2024 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.microsoft.com/en-us/software-download/windows10

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EFE3C421-D397-11EE-B35F-5267BFD3BAD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe
Token: SeShutdownPrivilege	2824	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3048	iexplore.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3048	iexplore.exe
3048	iexplore.exe
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 1268	3048	iexplore.exe	28
PID 3048 wrote to memory of 1268	3048	iexplore.exe	28
PID 3048 wrote to memory of 1268	3048	iexplore.exe	28
PID 3048 wrote to memory of 1268	3048	iexplore.exe	28
PID 2824 wrote to memory of 588	2824	chrome.exe	31
PID 2824 wrote to memory of 588	2824	chrome.exe	31
PID 2824 wrote to memory of 588	2824	chrome.exe	31
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2552	2824	chrome.exe	35
PID 2824 wrote to memory of 2476	2824	chrome.exe	37
PID 2824 wrote to memory of 2476	2824	chrome.exe	37
PID 2824 wrote to memory of 2476	2824	chrome.exe	37
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36
PID 2824 wrote to memory of 2424	2824	chrome.exe	36

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.microsoft.com/en-us/software-download/windows10
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d19758,0x7fef5d19768,0x7fef5d19778
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2360 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3196 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3836 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=932 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1336 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3700 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1076 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2476 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=720 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3648 --field-trial-handle=1328,i,12830302134572411468,12078476178438308680,131072 /prefetch:1
  2⤵
  PID:2948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:944

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2072

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:908

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
37d2fb91d54ecaf14230e17efbaffde1

SHA1
e6990a2109713c3562f7b66ffe90a8532fe24b13

SHA256
d453467a44f38beb08f7c11c6e54d67ac3bc476300baa5f68ff1663499357ab6

SHA512
d95623f07ec91831a8967b3c7dceb3e63dc49e5be2f1c0341ad7ed89c5d4d650e1b4e90dfa8e56002045ea23b50b65b68cce153d65ab33b5c7b8c10064614f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b2b9d9abe7a5b6d9b00abc1cf4ba6102

SHA1
6a3f95f5544019f5e5ef06d50b525de9e0aa1cf2

SHA256
96654d1d44048548b77d9109aafe220bc2d3662b6d19a2b80c5123cbcf5cfa22

SHA512
54b4baad51e6c8481eb0942e0ee70f89817318cf6c452af6b1db369c6601ec5bd498050f988e1f5ba82b58c6cd29ff4cc36d5493d81e0063bcff15ae4e368b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7b4856.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b4fecf7b2b0ab9e23e2a29e87fa36924

SHA1
c495f8dbf4381819ee5d9ef8e9a15a0c2d635e27

SHA256
46018b89eb6b69ac71130ffed3567c78a72d8e28f2fd87c0af03c8553b094db3

SHA512
1beb356a1e7940f4f97791f1a448d7317e12e3b031b457523ae60c2f1b7cff88fad9487bff06c9fbdfd240e4f9e10af6eae73001459d8e5810758483fc46d355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d76ade46822221a21cf11d65c2400a4b

SHA1
7a3fca6043d01bc43c5c260de54f2ca28848b062

SHA256
7bbaf18324d7f6795f3a5f11c0506a393896602887e7d5eb8ced858f5ff5cd9c

SHA512
3957d36fbccb6344b50ddbddc4ca839ec14cb1c0d6107a0b7acaf24612a10a1eec7afd34aa65e0a3ce209fe944b59987d8d12d3838018d49cd8f1c9034132247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
40fd72dc8029065b93f30086490fb6e9

SHA1
2a2a58af1b7529345af48f0dc836976397f4c6a6

SHA256
4e878582bae10dd8f525480210deab4f0354fc34a46c8aa1048dc61134d99f01

SHA512
17f7105601ac9c3df3e3b392af79c6dbb8eeea9389bb2aa0b6d7d49c21075be14076d904533a81c1e5923579a566c1e6767fa6130cef9354da511a84c2d19266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4d99614e1f884269b1c398ebc0f183d8

SHA1
e8127f8adb9e076b1fb144d3471c51c7ec8cea4e

SHA256
5b39a1629b193b4e43bd00a3f1a9980442c6b05b6e3e158f508212ee4fb65558

SHA512
11864806e4049cff8d7eb1914e12257dcafb7602d4bb6e0529499e4022e5cbe6f77b35f8e5104bcca4fe42aa9426b7c9e6a46ed52d508490b6699dfc0960560f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
cd2a4eee1ae7cf72921d1ca87dd3f180

SHA1
f206cfd9207180828ef0c71d538f78b5d21d181b

SHA256
5b565cc628f8df8f503fab26c26ca7321e296b3496cfc14f4ae2638ebd7ddc65

SHA512
fddf60aa82eb06e657f6b9608dc09b12c0d57ad76887ea6d8fa215c1ae461a4893568f6901abe9471398a9c85ee103112e49471fceadd8b57be22d7ed3461c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5e4b9a4b550b50d13b8b1b2ee115881e

SHA1
42dffe0de4f44421273ed9f6d32ce6cf476458fb

SHA256
8544e437c2b35e672e9f9bd3434adf54a990b4391fac63fa73d9e65010986726

SHA512
50c9c672599573f386927057eb9ca42dcaa785c9b90938623740e7332ba86758afa9c3a8b349cef2a3c62f9b39e8a64fd9dbfcdd2c63bbac8381fe12d3a15ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
76c1663697387ddbedd1b46b2d3d65cf

SHA1
ad5b32f3099a78525632630fab5ffd9cdacffdf0

SHA256
6e71699212beb50d55b678787d0a00647ecad5e93e92c0c1467b4144865a2198

SHA512
c93e17f3dca9f96c8e82e9fbaa546ce86e89dd37373ec7ee92699e9fb93032f94381de4d8b56e0885d0f096f5745bf30efe4200eb72fc47b4ed8ff013192b612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
ddc356fbdd03bea5ca00fbb688d16dbb

SHA1
938e4838c3db6ff213de00bfcfea308aa9e5d587

SHA256
cc0bf2d73202834b63d49d753d4d745c836ba188b1761fff0696185728f1945a

SHA512
57a1c39f40b8d41ae534347de7dda2d5640495e4480b3a514f8b2e76a0be117ac44b19ab823781899105938d3425b1a4aeb37ac521b096637bb6ff43e6f92723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
9a2a92be69b7170ed8e4431cf4fe1433

SHA1
b10ce11f54a76dbd5818ab4cb74fb7b71218291a

SHA256
4ba1bfe06faa59992f7492097eb2e3a56239d6465a4833be295df221bb9b0683

SHA512
a82a0ae2f2d983a6ee1db34065ef35eed7e304e6c2d3fa332cf9609a1ba9cc8e250c45efb17b568cdf1de4c3af9ca0e533646f52bde32ff516ca5130093a55f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bdd1ac58fcc91e90d2683b1169b8d541

SHA1
a810f1f9d8247fcf678611e77f095acf2c462649

SHA256
0e565e7d83d68e5c0ace37744371201b00fb89f55efaefba29ebb6ef9d867701

SHA512
6fc4374da13f714d0b84169d2868bfa8aedd0ef40859d58929be17ec207b6d1d642b478a92fb878f63fee9ae5f62c2b967a5ede28b4d643ae1a4829d918c4c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8b0036dedd970819f6be378f127b03b3

SHA1
14a510b99d8687eec48ceb27d7ea2de74109f9b6

SHA256
212901261900f01bb7b3a3bd91f5d18a2166bda410199b253895ef5835631846

SHA512
0390a43c7d8b8647c5ffa5fed93bfaeec7d2c7017f2de160d611903f0eec432a5876aa123a439a5bc9b73cac22bd045d01b193a4aeabb6ddeb8f7646d18a8095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f0f80f53c13e6334c7f3dd84999492a6

SHA1
bb52fa25e14e0ea743e3ffb4b9a0b4e1087d389a

SHA256
fbf2c67cadfb8a7e1ce98256b613a13780b96b38cb931189dccee75a89dbfa27

SHA512
6566cf54f9bf66b991f0d0c1ea4e7354ae3618e7ba4aad3197ae365c967fc8b7bf762173c8d54a4cb51e016b76f8ecd2b747c021f8554fafce36193c13306617

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f2e4a1d0fe0659e59399383818426b28

SHA1
17425c40503f71bd92dc4b8f3f923acec5f6b944

SHA256
f6a6aeab9bc873db54a79525a366d93db87f8e5b202425faeca1a1c7b301f71a

SHA512
4673b46b2b82f18931066858d3b7da5b43a94482ab1ed42420b669bc2396d2e990c05e458017fa29a932982981b1ad379d6921c4a5a33941cd02b60cff5e94f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e5f9f8a1823af905a4671a7268a81919

SHA1
6802cf7e849e065567f23720482601e162aa44df

SHA256
4f337308c57dac05c2e1e733655432e4171ecf6416a6128862c65884a61bee00

SHA512
f0945c4f6edc232a7fbbdb00f41c141b7fa3786543de92df156f91850b8d7259a88697eaa4c29499c088f9ae7d1ccd334f698ede4be650dcde6fe3e1bf5f829e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0a46a26011c05af729d24c09cacf594f

SHA1
079e4686a54445ecf3746061bd6298afb24806cb

SHA256
9aca0fa00eed4bb6ebd7a92424442507d21395e8db576e5bb5c7043f54b2d465

SHA512
a5a76e5e3d7cc58b3c24263d7d79dbbf903fced84dbba2d0ab297d6f7d9c1e2aacc6bcb002d9e210f6546f45bf4ffa0e5a9779ab7dcc1bf2ef87d4a0c582806e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7c95f215642ad52d94e983e085213eff

SHA1
0495eeb1a176b38d2a123661f0e15ad65f7334d9

SHA256
a818ca88b7f40edb9915a6537848a871e2fed7106f21e52c308c1ca87af6ca09

SHA512
8a093f951d8c881015553ed9fdf3915d52bff902668e62253ed5026fab22f5053bcb00f6a4e3bb1c6da9e15f6a84c28bf6cce6e8e2fba2068edc5ead27e2b129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c5a4cd83cf53b3adad6ffae6427f1a61

SHA1
3a65a76a16b0a5437816c845688430837e8425e5

SHA256
b4e4200b0f58be6009764258940a94f677f0932855082d808ac6ee8ae69a0321

SHA512
bdb64f75ed82836d5bb3d4171547bbac92c583a55300d5d6a174bd2cf9ff6a47d500ab1bab890f4118f42896654b8a325ff3339345cb29ddb7416b09463e1bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7d1cccf356543dc9a13f2cfda231f5d0

SHA1
7612d66b49f6e297fef54cc9f0ec574313092ba4

SHA256
ba401521546cec7790269de54e9f1e93ef32c16e1e73c8d6c406e1561c563ff8

SHA512
f60b6c541778354d8046fe90d4fb7804a1f3ccb174b6b6220693d9ed622720b220001f2ae76dd62fc4e3b0fd703df4c19507e8d4bb14a48cd737c0099efdf566

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC055.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC25A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit