969f1330da3a1f1e3e92dd461d67a479c5cb2a2ec458d4735da3282f59505f88

Analysis

max time kernel
146s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

311KB
MD5

811a2c6d998aff12d240d573330ad1d7
SHA1

2d89eac09fa89e10505b0ee88884859e0e3ac570
SHA256

969f1330da3a1f1e3e92dd461d67a479c5cb2a2ec458d4735da3282f59505f88
SHA512

00cb022a885e95f9e9d4ea6072545209701c8b4e338c43287e264db1ebf97b16017ee36fb1bc46fc7fa71fad39d9fcca7a481058417263ccb7ccce190ea61b62
SSDEEP

3072:riwgAkHnjPIQ6KSEX/YH3PaW+LN7DxRLlzglK6aS4:tgAkHnjPIQBSEQXPCN7jB6aS4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578738693057737"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
7504	chrome.exe
7504	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
8044	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe
Token: SeShutdownPrivilege	4204	chrome.exe
Token: SeCreatePagefilePrivilege	4204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe
4204	chrome.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe
8044	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 2812	4204	chrome.exe	83
PID 4204 wrote to memory of 2812	4204	chrome.exe	83
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 3676	4204	chrome.exe	85
PID 4204 wrote to memory of 1416	4204	chrome.exe	86
PID 4204 wrote to memory of 1416	4204	chrome.exe	86
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87
PID 4204 wrote to memory of 4576	4204	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb37c7ab58,0x7ffb37c7ab68,0x7ffb37c7ab78
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4508 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4084 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5024 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4056 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5184 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5360 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5524 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5700 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5900 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6060 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6080 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6212 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6484 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6628 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6772 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7256 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7368 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7504 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7532 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7548 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7564 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7704 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8176 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6784 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8380 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9056 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9140 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9284 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9556 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9572 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9720 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9992 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10008 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10144 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10388 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10572 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10588 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10964 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=11132 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9020 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11200 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11672 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=11828 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11960 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=12008 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7556 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:8
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8384 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:8
  2⤵
  PID:7340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11392 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:7208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11460 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10056 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:8
  2⤵
  PID:7644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11212 --field-trial-handle=1988,i,8709545509583770877,5344506006760433805,131072 /prefetch:8
  2⤵
  PID:7980

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:8044
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Cyberindo Billing 1.8.6.rar"
  2⤵
  PID:7276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Cyberindo Billing 1.8.6.rar"
    3⤵
    PID:7384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.0.1204978412\1846129763" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de8cf204-a8dd-43c5-8bb7-416e07ecea99} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 1852 19d5590cc58 gpu
      4⤵
      PID:4864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.1.1605355486\1021975958" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fda485f-454f-45f8-9fa3-51e510b05470} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 2444 19d4168a558 socket
      4⤵
      PID:6932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.2.1700324319\454628697" -childID 1 -isForBrowser -prefsHandle 3404 -prefMapHandle 3300 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac4d917a-c952-4e89-ad89-016b4b29cc8c} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 3304 19d58848058 tab
      4⤵
      PID:6596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.3.1379035283\196779219" -childID 2 -isForBrowser -prefsHandle 2576 -prefMapHandle 2468 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {571b7de5-29ea-4628-b46e-98ba46f09b9f} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 1244 19d59df2958 tab
      4⤵
      PID:5740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.4.256642959\1199454013" -childID 3 -isForBrowser -prefsHandle 5016 -prefMapHandle 5012 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf30c58-4fcc-4d26-a2f9-f95a264d8b88} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 5036 19d5bb0c458 tab
      4⤵
      PID:6352
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.5.1467658537\613238828" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5176 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ab95d81-740c-4e78-b14b-bfdc8dbee551} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 5284 19d5c70e858 tab
      4⤵
      PID:3708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7384.6.1756776882\1138348103" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12866976-9568-48de-9265-4d312521772e} 7384 "\\.\pipe\gecko-crash-server-pipe.7384" 5416 19d5c70c758 tab
      4⤵
      PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b7a2e10b9e444e3d57f4d952276df8fd

SHA1
b70a45b53a0088b3277bd857be9b0d4f3212dc91

SHA256
2b3b7b9bffd2ab981bd8e97eb01d5ccb2a82a478cfad815d16cb71aaee1034b0

SHA512
620706d6a42c61a5d1e80ee261b11aab87b59cf2dd8d9644e5d611e60884eaf8a7f77b1d9c3c1fae4163d46736569b4d9e50363e4f7c21b1733422099cb563af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
86KB

MD5
281a987160ee383beb3f74b63ee20bc7

SHA1
e67427127d08bacfee48a70e251bdc47b9c90da0

SHA256
2ec413c11a84e738bf4bec824e3c5f95f2b5eea34cdf1ed5ebbfb3cbd7b1f9fd

SHA512
25393682465931b5e81b93972fc099f943765192ad6b6218f8902760e536b294a350885f42fe2f8bf7e2c4cf37a3af17bbe1743f7c618b3b158af35c685a7868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
65KB

MD5
d37a0b50e8cbbc3de35d3d1e9e1185cf

SHA1
c898ddfa3f2c551980ab4bef4a463c3fd11021b3

SHA256
deb12434ba06baf14aed67ee8aa28f48ae856f3792797eeeab1ee218754caf04

SHA512
d52983a3cd1343454bb9bfecdcdb76791a93b15fe83a46a62ca668041fff818f94815b6c596c2794972e11df3f4139a86e480578cd5e332bf9325e6e5e1572ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\69ae431da7cc9373_0

Filesize
33KB

MD5
57bd80428326d12ca4e4c395c97caa55

SHA1
e9abc410cca0b56d7f1997fef48c45aa0cced9a1

SHA256
77f4af85e9b8fa2bb9c223884f3ec11aa059a6af338a4e9d3cbdc7c9147b57a8

SHA512
d6298cbc93122e4e1a6a95274b05706871f447e10aaa1f350f3570c9e1bdc4e64fc7c3a6e228ab8709a7140747b263d9043973bd4acce20c360e6c391ccb4574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\944798328fdfddb0_0

Filesize
290B

MD5
4e04a6ad4e86e58de4021f0a1ed3bd1f

SHA1
640047a009bd37dea9e27b262ba52dfdcf333b6b

SHA256
93ef99b9c386b15ea995b465d822e0ee75a5197c4bcd54084fab96485c17614a

SHA512
c9ac20b7cd322ef0d0e20f2486862b840f388ee7b32dbd4057de3bfc4544ab1cfbf3984b1efc6cf97ef0156061cb2f50f9b12d31f9e7794fae30a3b697f5a815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f119de073f5c3e4f93bcf693a270bd3f

SHA1
39956e974224306923ef588f08606e847df45baf

SHA256
b39a142e849c7038584ce5454115bf7f141048f198b68ddde97a65c48e6bd3b7

SHA512
942b76a04828bb1a31a62c98e1c185f4d50c5efce2dbb7cd5a652d5dfe6fb6e5337049aa0441992704c877216be242edab0afab9e8de6d89e0ba3612e50a93e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9a816acf1f4d16ada3e6e0040a683d4d

SHA1
0e1a681c7e43ce3aad6b5f688d3b09372b561f67

SHA256
923b1275a52a18c09055f1f57f65a99d8cf4f8917e978b110140400b2dff3ea9

SHA512
ce20d4d293bc3745de2f243db35012171e6529fbe9390cbfc26d30e9e9941c7bf72394b519dfb046d630fb250f201aad0ce550fb5af7d8cf3e816d44f2484887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8fe42ed4e5ed322cfe042683a2b9aad8

SHA1
9ad4612ae8e519559085861356a2296d09a2e174

SHA256
53aa6c654167d3e3074d49157a91fb5487ff4b2005beefea09086ec8e6201d8a

SHA512
30cc218a59367a0666e91ecd2f3423ce74ed01a3ef5ef359b7fb0129dcbac1568b8fdda4c293ae09d65a19e17a9ebac97625c1df9c6cc588cdd8345a892061ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
7237117bfcc7913fcb6013491babb1f5

SHA1
eed88dc5e1801f03c495dcb8b793a3b9b728a2a1

SHA256
44fe3d0d2a596e00c639f61cbb8244f3efda636357489ca86757542526fc5b28

SHA512
f2674b85e699e9c23487cb5d02955b79f6f523383185156ef3044df0cea46b67d4e01ae9d39e54d95c5d2769bba1836f11db3a5f96b4d12ec90db6330e9c7436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
84b1837584cb25d3bb403c85fdc3729b

SHA1
eb68275189f26c227fa2c665f0ae267a51990be1

SHA256
0adb26b966de4f3725f1092007ff1529add146e2375a2e542ccf8ce4c2ba0361

SHA512
3ebd2033ab564c4fb8b6961451c9709f5e6c173e066725c01bb7ab68905395fc9c1da16c91b35a1991b9db2d5efffb9fb8a78e5deb5cf5ee14c5b10f8d26ab8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
51c8ce97ae0856d58f3cc31f9adc464c

SHA1
76dc14fa5dae93283046f0e8d413fed36dcedd8f

SHA256
dd48908d7f910d8a5190e900e7576e23b77d0ec79f00ea836f9688b711696ac5

SHA512
10b8472e0fc1b05619604551c3e8d6ecd16848a9758fa79cec0f5ec557f8bb2db8c98a2760c4b2fe9b644b2905ef1077d1a32b59790bf0b84300ee908241422c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05bd0c6f9abeb9a1ec7b7dbd349768b6

SHA1
1b68cc78c4b2dce7209deae7090c7e085da0dc98

SHA256
08ceb419e6eacf1542a513e1143b0b29b5dadd317c5af47fadcd5c453ac98063

SHA512
f619ee372cb22c45d78b8e64106d10c44a7fc218b79b134b5749b72d88201ec18133298b94c0f3b8e75f252666b779f3dbff07f9260d7fce59dbe3a68e99e9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a887f75ba00bf4742c1664a41a80182e

SHA1
5d7a6a74bcf0b69b889f331711a40beb3ed74c9e

SHA256
a8edc6ce9e7cebdef965e30c351bfb4b3c214018cb32fbc51286508c7a093e31

SHA512
4071893cee36e8d618c8ee0dfd17a830323e08fdd70de07adb88a932c60824f2094eb0d9c68da37a547f3c0c417fab0b1c8b5178c9b1b94d39e2dd2a883e7261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d6a0609e0806dc6a1995be2eb58bd4a6

SHA1
f5c9a0ceac65a98632df527f1948c37e45e03fd3

SHA256
d54ee6916ebeb055c1faca81032b6f2c183d69e8f3eea3e793514b30ce8d04e2

SHA512
2427cd3e188cd8f6db02f7027bd73fba2d4d05ec2d37a18131db5a642c5f7872fe5330b991606b51d0c2f6eb8bbbc768569f23930dbb08c1c365d42604bfced7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
60c83bf6015519004671df2e3703c6ac

SHA1
5d8aa6f25ee429f2b32d853cee458f92bebc9e9f

SHA256
31f5f03fdf970685cb292555834c47ff213fecec3d99f6f50048759b3e5557bd

SHA512
ac414c64f06502cd547edd96f4c5680bae44a17ed0de2ee63a7b4d6fa91be7189c00155adc509a660331bbb8f932e147e926434ab88817e5309c3b51d8da7db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
5e6d365e3feba106d9970d89047349a7

SHA1
8add6c3a96e54768c034fecacec56e6d6d165105

SHA256
d426e334aeb13f410090eb99fb579b5f147d4c8c7c3d2a7659b957c2e24446bf

SHA512
e9575b21cfef0096b755b4c8aca28b5bc8dfe75c57bba0720533b9cdfdee84009b898e8aba356067d5de399755f767d9f3c605b25d6f126827f2bf497b43f6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
04d5ce3e9b620670708fbccfdc11213a

SHA1
8110b7b2e49ef074d8c3961d793e020de03877e8

SHA256
0d1d4e290d85fe8d903008dcc1225d24ff90e8624ffe36c3c67cd91233f8af13

SHA512
8b79a93070d455b3be2d857e9d5101d1ac9379b8b36fce00c94bda0a26ef3cdb49c9478e4bd6476cca1072c6b4e983fcab5a873a321045f2e75057de34755eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
828f1fae2fff59119fb2cf51833bdcfe

SHA1
8af8d9bcf3bc8307611433140e7d31ceb962516e

SHA256
45c8b16cf3669749a930b68b84130966a856cc1fbadc161b7fd454ea1f4dc91d

SHA512
6252c036ac7c143b61e54afea26ac1153925ef8619badb5ee6b49d901a5dca55b0506d7f54e727c4fdf4333827a66084af82eb8a31d65762e596573329983ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f955b63018969333d575f2279df69704

SHA1
b0b9d3cb3839c83bcaeab0ef55f3bd8b7db0698f

SHA256
7f75ad9cf64876a74d813e764572d8bff5064dabcb8b367bba92943bebbbdc95

SHA512
ec218533a57965fed36f3b70cf9ae330b69d7fdfaf0e00ca134fffa52c4b9d67c6d514e71ca06b2b4bda26183ea76e3a96fa3b4e9254ad99ece9af622d7dbf8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44c5f84ee6077a0cdcf9f31b7b166237

SHA1
4cd9c1341b7965e4184f8bd5daca6fe1a9ca412e

SHA256
1fe7e02b8a1941c502d7ec64537360056ee80c3a31d76e5800b8f99ed374f5da

SHA512
cb7b71586c886a3c611de07cfaf3416db83750ed781a7dbe13e8e639b42542b7981c3b8ee800ec544315b068607eea9a9aecdc6366ea57f244f55687c2419a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
aeef77bd660efbef8f10c5e388731303

SHA1
f7d2bada6723d43fb54b0b7f93ed53dbed82fade

SHA256
4c1c5bbf3565443f3458cfb6c519ed09acf044d38591432f14b7e6b891231f8d

SHA512
79780089e77c3c9b192d85bcfe93c2ef52b476c6bea50cba9d786dee0c0f0115523671a8f3fb86934b690bb384b3fcfcc6603102464588c32231814c5ff757e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
17906f231e99bd9946c3ed7eb524eba1

SHA1
0dfcc1e3884af7dff7bee98b61aaa5a84d72fd80

SHA256
5d7366f1cb0f6c66f1e95bb5804f1094d36b0581c511d0fc6aa8ecfc281bba59

SHA512
aa6abfe12c61693696a5653cae1d4feeef4d9c9df712ae784edf1ad68abcd92baabc04e0018439a31c6ebd25bf0b1972e92c6226f446728f61f73dac5128add1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
b79089bd9a5d07e1338d656c0731ea8e

SHA1
7ab7c0b0c6fdfe08f3e5e1ace7beb88ecf6e9ad9

SHA256
d661193571390575925ff27af8380d8e633452e76b5e2e7f751d375d45c56675

SHA512
7402b918b6628ddd29bb4916930bf7b452ad035f36bc455f1e680a8d08e99bf9d3d44cb0e9b93316bf7194084d3e07193a0769873bc887bf55e2143bf5a822fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583c97.TMP

Filesize
91KB

MD5
ba9fbacbb347692520b9a62fc30278c9

SHA1
c9a397cbae553d03a33430058bc60758c993a21c

SHA256
58dbf53f89c317937b3a899b65dcee348128ac17805bfa92cc47011c078b825d

SHA512
8c7ce165480fa92b050f05866a3d825c22ab9feff530e526cc83f0f5b5f45eb3b2ebb93675a81ab5f9b4f4452836c5300feb112cf2a6457448d61abe55a9be83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
db9b9860a666230f1796dc91cb455e15

SHA1
dccbeb74ac6a78b1b17431094d066c1d238e2051

SHA256
5c7574acc77a622963e0f2592a19a61ae925ca565c12b9ee732fac4b357c3d82

SHA512
cc99b1e5a655b669445e4e87496da098f5b4340368200b6b995657d5d24f71f519a45d4dd73c19a3905070855ede30b87199c78d2e46b634106df82cc522894f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
262ae22c090c9df50b1160fe8dfc0654

SHA1
ad5bc661b41dd8107fdb2f738c60a41865a2310c

SHA256
2d4198887d6088563140024d4315e867ceef4114cbb7257c1d77664551eac5bd

SHA512
e5d7260790d67caf78f907b160d35d76fa446846942024c948299b880aa730506c27a831c70fa4b8997353b2faee7059773c4d185f8c4ae62c8713f2ca691fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs.js

Filesize
7KB

MD5
62dc2cb2e595624034f273a4426d999c

SHA1
d6b82c3459f89f186c7bf07421988d9bf99d758e

SHA256
6716e912761565ea8f1fd2bd4b2b83e669f738398667d5764cbdbf628f2a738c

SHA512
9a1203505502981b99130bb3575e9cd3da9a855d82e2b4811a6c49299658e584a94bfd40c01659c08f6694150b01c38c265957340c558ddd162b28f0216edfdb

Download Submit
C:\Users\Admin\Downloads\Cyberindo Billing 1.8.6.rar

Filesize
59.5MB

MD5
f362ae976a8b3b43f2b3fac3d62076ac

SHA1
e81ac4843d40e95c45c0088596682f7ee604513a

SHA256
e34e13bdf92cecedbf6da8b121c109d59b548785ed373a7e1cfb152886dd1c6d

SHA512
a48e6cd0a5e322b0ccdd2845610de38d00ed1ae7317e69589433f7631259b2692d3a176b6b61a3584816aadcfb25ef9a34b701ca9851c5fac58ec16a2c46ff26

Download Submit
C:\Users\Admin\Downloads\nd9v_fFf.rar.part

Filesize
41.1MB

MD5
002aa9972a351c331eb2a6f3a086a14f

SHA1
b58e586d0ec0657f6f647c36c44f084093a67414

SHA256
be8cb755c442486efed41fa6bbdb0c31f935c32554e0a8f9b07ed550069a7acc

SHA512
9f75b06053db6781e3e4cbd945e4f40cd3879dc6d7a26d9b8489a0bc161510b4149b43451c5307cb8d28964baf3833ee3748244c661aceb9861bdd9ff5ff7e71

Download Submit