85c5264742b0808b9e64f8fb6d1565dc8b058dba42a440f9850abc46518b88c8

Analysis

max time kernel
147s
max time network
161s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
20/03/2024, 02:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

477KB
MD5

afa2d151201d305fe0c0fa97bf388150
SHA1

5bb9681f1ba3d4ef47751d5c494f1d95f00b46d2
SHA256

85c5264742b0808b9e64f8fb6d1565dc8b058dba42a440f9850abc46518b88c8
SHA512

b1470fc3e0b940f9b108996eca131b951c93a92e9898c8723da9889d16edde2e57492610ebf3ae436dec673f3e13a3ae0f53353c220323c2cd84855c0c8dd350
SSDEEP

6144:W5hl2il2wl2tl2ql2Xl2Vl2Il2Gl2Ml2NEYz:WflzlblmlPl8lklxlvlxlYEYz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
496	msedge.exe
496	msedge.exe
2632	msedge.exe
2632	msedge.exe
2800	chrome.exe
2800	chrome.exe
3380	identity_helper.exe
3380	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe
496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 496 wrote to memory of 2104	496	msedge.exe	80
PID 496 wrote to memory of 2104	496	msedge.exe	80
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 3344	496	msedge.exe	81
PID 496 wrote to memory of 4180	496	msedge.exe	82
PID 496 wrote to memory of 4180	496	msedge.exe	82
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83
PID 496 wrote to memory of 5060	496	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff74fa3cb8,0x7fff74fa3cc8,0x7fff74fa3cd8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,10892571046389069759,16345072706702624761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:6112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff62169758,0x7fff62169768,0x7fff62169778
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1820,i,9723623857862643657,10153467710754445569,131072 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1820,i,9723623857862643657,10153467710754445569,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1820,i,9723623857862643657,10153467710754445569,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1820,i,9723623857862643657,10153467710754445569,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1820,i,9723623857862643657,10153467710754445569,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1820,i,9723623857862643657,10153467710754445569,131072 /prefetch:1
  2⤵
  PID:2520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b94eb9147c125406574c535cf94459ac

SHA1
3630de2d9df10732c7add37d95dec21bdc55fb82

SHA256
a6ccb265e7b72ddefcb9010a6f016bb506c44488c6d46904b6a38675712038b0

SHA512
f7c9f1ca992436fc4b0a7a7d7b90c8c34d8ba2e47bd25a95f8603c1a3febb695fddf826760974a4f27dcac4756d61738a3428cc83609547f043c60766f56889a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b7382b2f-b957-4bf6-aa03-d8776f1c04e8.tmp

Filesize
371B

MD5
66d6257277c4e08d85662adf2bf80278

SHA1
1db6eafb331aad729fa2ddf0d71bace817841aa4

SHA256
4ff01cde0ebdd044ff98e06f3f3bc9a640d88c9a61f6c4f3fa8af83c7c4df86f

SHA512
a07dc72e6c584c7d294f78e53c48e25b5c2ea70efa2bcea56002f325dabe42f2d655b0695cd299fc13c105e2ecc8f6ac5703800db6758520a0d1546215847bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e2895d71-8b4f-4162-a10e-c1075595b9d2.tmp

Filesize
6KB

MD5
f78a90ec25a4d890205045cf750f3232

SHA1
979bdeadd60ef80b916cafc0704c8b5114deb431

SHA256
6aff5dead9bdb3ddcd6be856ff292da5920178c9364cd6f1efaf15124da9b537

SHA512
249d0def4a1c89fab6033c195d675d00627b6268bf3c3d0331cd7feac921e07299b660da80916aa23780649a6afe01564c24caf0339627fc0c721f70090cd5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
c0ef8e9f41e5ed7e664d19b32c2c424f

SHA1
1e4534ff567916d3e6c9a602ebf24e13e131026a

SHA256
2c062ca3772b39f067beec1cfed6436ef9ab52382370ee533c2eec1cfc75bf5c

SHA512
f7fecac5bc6712aab688acdc2dd49666553df8bf7bf3beec4321eece8dc687f45ba805d7ca2e60c5b6d9a182916e7b1d22b21f7d691c68a9bb393a67bde696e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
653B

MD5
2b470067b87627a627d8374cc88e32ab

SHA1
6a88ee66826fcc81dcee31249fb6d33ba08bf9e5

SHA256
4021bd0d521068f5d82cfa6719b8c2920b156bd3bed2fa1bf9e7951fe0efc304

SHA512
dd6be0557c7b64439290864d4c3cfde4bc761d0d68340ab26d566a1a8a10d441a363f920982d61322fcae4ab99762a5bb6aca236fb8b350663ed45f9964ddb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25205c9e58aebe9b0c99f55c58a41d90

SHA1
7020d00a610aae8f693d9e05d76a1b95d4bb9814

SHA256
6ac7663980adb88c3f297a976315b5dfb735ff4476dda4e527c56ab3addaecf6

SHA512
09c71cc999d84f755a6f5a5f708129b1516ba779e7783b69c7c6dba00f0fff148c14631293ab0a4e0100ffe489b0871d0e758c256220f2206f0ee17d7dddb583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0ff4c62826f26c0dde38369ba709443

SHA1
e65e87687b606b41d21dc1acf927bd37471694ff

SHA256
3722f2b09eefffd178fd87c69c91407dbeb70676a6ed5767d4ebeb62c07c48bf

SHA512
90dcf876416c077fad48255e7b456b7e808654456f1ad177e2e09eb125e1e4695d53d447dd710239ac4a05390f9830a0fecb130554ebbd46ad33cf279ac33351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f738323c77ff2839c848cfc4675a1b5

SHA1
dcd218ede8eb8ab6274cea346fba3d9452707ac5

SHA256
e05e2873a901a637e30cd0c2974c933fbb92d69c494c8cfc6024d536a2ae3e43

SHA512
2bec7116b6697851c80a98a23458664a6f4f4abed6f436723c281efe8e933c851280a6cc93cc67939e144db45b4ebd70d5c0b249e87847e90c541be48aba47c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d9ab69d4e741d66127855a770edc7db

SHA1
451f9b053202af9636c5424adf05410be0c387b2

SHA256
436d3ef8447c7f6ce19352752e728917de925fdd2df6e2ea08df8ac0a58bdc34

SHA512
350c9185072689350621a19375735fe61e553f47ffc65c51f1093c6939eb72f3ab04b42b8903c340e3f0a1ab5eae834a29b06fe995e74c0b58e1cb0fd0ef846f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bce7d880e549e9c679f6c8ca066d53c9

SHA1
a939f3aeb7d803f9d6a12cebb2a2071f9d673b71

SHA256
1e41453129f1812f99b9d7bb296412f648ff960befd3b7101f238684efb4a725

SHA512
582d3a1102414c9242c8350e7c8069b7bc6bc1db4e820df32d0475bc46e65e7df9ee0756c3041f0448afd6894ee3ce51afca8982e37597bc83475a499c9edfd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33219f2a7954cf6cb22e133621aaa7dc

SHA1
16e6a69839872cbbd61d445024f107a32e6a4ded

SHA256
76ef0ca1294d8e09d6dbca55224be55b4d7b5db2fe3e475cc5d8af82560bc43b

SHA512
6146b5e1ffcbd9271b5bfb4962b723ff2bdcc5a0874754c8a3bbe62dc2c247d286bb6aae33f57c5392067b20a614f0f7810b3d696270ad33a0985e15a6c020a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66c517032010bcd56b08bfb0ab01a0eb

SHA1
de0190fa7db4702cd43c1d69e15056bf5e0c3de5

SHA256
a56243c835244b72f643f2fcbf1e5cbb59961cdb0e60898e7f664f7163e13d06

SHA512
7079535742a530527e23d08346da9c3dd4ac238504d07324435b40b27428b1286ee4e18b12ed4a0d233548cdafa9ed337a89fbcda43134d66a6f2930c2be2a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c455772c79a69776a8bf5b2f2e818fd3

SHA1
fc449411efda0bfea8ee92af3756453e16d21b22

SHA256
188870e88c1171e4e8a1aa5824bcf925b6306f794e9db0a63f60ecb3b208b587

SHA512
066972c2921a74e12906125944b7e32e3fd754569ec09e968368bb3d2d859952dd3c1f4dd5319dca41ab106bd0b3d07fd42cfceb839b38698630cb5cb2b53650

Download Submit