b36dbbe713867500d28e7117899ba998934ae0f41d365b022d76315f65e870bb

Analysis

max time kernel
149s
max time network
148s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2024 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

19KB
MD5

04df8b10c4777c0746390fcb70db2c43
SHA1

a6b2b41fc95a1d14202450fd687503b79fbe02a9
SHA256

b36dbbe713867500d28e7117899ba998934ae0f41d365b022d76315f65e870bb
SHA512

3135c52e802bfbb8a61a3242dc429488ec83e29d43722a206f7505e8a45a3bbb7b693888341288334a3837eea1657f54ae75b60742ce42c6657e1e30ae9c7f36
SSDEEP

384:rw22cZuDpmReVoOs4eN9ylKeGMLU8Hhhbz7TbE7zS2LjFrSF+JVJCBXQL:rwZBVoOs4eryI1MzBhbHTWjFrS+JQQL

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579396802971452"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 95262cdac091da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{4B9507F4-D2D1-4360-B751-02CFE745AEBF} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a27259dac091da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 73751bdac091da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000cc268f265e5a2b07becbc27dd153e8a7542724bad2681be24b7025dce1f567ae1491ee73853b20b620c82a20491c690c4b3a37781753ffb761b3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 74b031dec091da01	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
652	MicrosoftEdgeCP.exe
652	MicrosoftEdgeCP.exe
652	MicrosoftEdgeCP.exe
652	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4352	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4900	MicrosoftEdge.exe
Token: SeDebugPrivilege	4900	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4900	MicrosoftEdge.exe
652	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe
652	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 4352	652	MicrosoftEdgeCP.exe	77
PID 652 wrote to memory of 4352	652	MicrosoftEdgeCP.exe	77
PID 652 wrote to memory of 4352	652	MicrosoftEdgeCP.exe	77
PID 652 wrote to memory of 4352	652	MicrosoftEdgeCP.exe	77
PID 652 wrote to memory of 4352	652	MicrosoftEdgeCP.exe	77
PID 652 wrote to memory of 4352	652	MicrosoftEdgeCP.exe	77
PID 2324 wrote to memory of 2520	2324	chrome.exe	80
PID 2324 wrote to memory of 2520	2324	chrome.exe	80
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 4952	2324	chrome.exe	82
PID 2324 wrote to memory of 1268	2324	chrome.exe	83
PID 2324 wrote to memory of 1268	2324	chrome.exe	83
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84
PID 2324 wrote to memory of 2724	2324	chrome.exe	84

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
PID:3104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4900

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:652

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffecbd29758,0x7ffecbd29768,0x7ffecbd29778
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3980 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5036 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3000 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3008 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5172 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3120 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1844,i,8283550535292276949,5624772005944423822,131072 /prefetch:8
  2⤵
  PID:4916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
64d4b121e1b77aeaa38870513165e928

SHA1
afe8d9957c29acca21794ec9567579d37a021638

SHA256
3dec02c4f27ae3a7c12b75f36f3c1c84801a4568743d00e14e440432339d7a4d

SHA512
33287cae235f279c3ee5a3c8344b22b514e6baafd5ef43de11867551b6b8ee594fa2c33113d6fa6ffa0d44813f3db12660015b71c17d05b34d6b8df0850887f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
34e3895176983bca4c6676220c60be99

SHA1
f7d5b99d2be220b1ac1505417bfaeeefa02d3978

SHA256
e5951c8f9d46e0bf0d1e2ee731c7c13a6e14e3513734fd70344bf671bd35a291

SHA512
4c13a2d7bde195c0b358c304c041875f6beceefa133e2bd610e72834691fd7070b7312c59b5771a24bb9ae391833c8a35b2cb7eb5cf222c627d695b6ed4e4e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
971bf6647e9fb20d289eb2e949f2c8ff

SHA1
3e66cea8e4b0b1c7d815d4604058cd6b734d1a88

SHA256
b2f11aef98a6fe6321cc4392bee6e689ac28fe96341ac4b99996af2cf77ee087

SHA512
d2f89ed59b0d6efa9c46ad2eeee6867325d57348d0abd8e3dfb862ed85bb462aadf0ba3eb62b53ec2e982d676fc8964b834891eceb8f4c4a2455873309601e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
98b44dc58c340050a6b622a97a72a19d

SHA1
0c91b3cf04764b96d9ced5a0910b9e27c7540739

SHA256
3a33734f5d8d378a049e0ba6e41a1275f7cc147109e38db23446ef9009cce778

SHA512
87fd6c2062f78185e38636773cddfb3b8ab941eecbbd4318c7da3b29741cffeab58a301bfa567e075e7576a432fd082e42cdfa46fb0cee5252de0ca382a30f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
4481cf1e2f5d9cbc108e96c71f195d72

SHA1
35d9d79d0534d91842ca9b5bc86fa95dd5f811f8

SHA256
365cc7fd71d29a8b4328d9bb7f337ec0c31c2c353b7de8c186c4df5f57f3895f

SHA512
819b60efcac5acfbb94c4d91dc4bac30f4f479c7f06fc448e04b351c129d2fccb2958c0f1f958b24801a490c7bdfada6d8775f5449a83e7a6deaf69e45ab6c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6b264ba8d30c4581756e8a76d96876a4

SHA1
c764fc592a005fa15b976af40f9fd4935c6c1a8f

SHA256
25396a3bac8e18c35f574f5b80442f78c7341b85b0ffdfa5230abef9377ba177

SHA512
0d29548d40faa6b2bcc221e74d988910ccfb84ec5e6b1478992f9440ed2eab396ccf98c23e5b39f37881ecdf3a65ebbddf816b04e778f1c30c7b6118f649f6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5fbbf0a27c79f9f1146c8bd9df62f6f2

SHA1
477548e3aff3c6b655fe143735732e45ad85d8ce

SHA256
455de60bf25ff0fd190620752bdf69a5b42df70562087482a343382c6e6c23b6

SHA512
24b4cebc7d687ea926b17c298909c8e335b2acb0bdd2e5efe0622a23369d7b6c5768dd8c79d8a0ccac076dc2194a99bc89c41ae370b3159763c6e40026f50517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a12599691ce2220a9a9b0da087cafa65

SHA1
a3dbf17a31e37dfe4805b3363ea1ef599556baba

SHA256
dc3441529d7c8271d1f06e6e7d2655d68e845d0a6c729bad7ebbef68a2f030bf

SHA512
5104261706757c929c7f404cbcb09591150d7c13ce678adc0e2401e4ed2ff2da674ac65f13bdac19a342473fe5a38a26a028cba0a56b7a647954ee3d9cb1aa17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
37a206e42b8aff0da687a6b626becaa0

SHA1
6cf0db831fcc8c00a84d7ca52bb0091e287358be

SHA256
7d2c1611508f2294b798311367362f00a651c5e80bb5afdfcdf01dd1f4f40491

SHA512
1cd5d0c5d430f4aac52dea6c883e04dc73af30ab291a096ec3ba43457546e634a2071dd0a1a639308ccad8c417fa21fca54d28be27a2721e9f38dd8c64c53611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6e12ce388295c2d50059dab4610e392c

SHA1
8cac4f8610dee2f811c6fddadc906bfe996bd5a8

SHA256
c8cc737b38775fc5d92272956b0889453414ad277a936cd6bc58e68c796f7230

SHA512
e59c19d20d38cc79ab21076139402ba94ec7c62300846bc73ceee7c4ad88a0122cae7bb81c11a539a4d4742ceb53b1ff6ee0748943fd8be7e40645ff77520233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82e011b5500aa3a0d356f89412592c48

SHA1
5f45b334b1593cf3966581f54e4b26f881551cee

SHA256
aa1c02b6e1eee4c29b19c4c8d70c16c3f57377f254fc477a620d614c2fc3d11c

SHA512
588743b5e1c3a4ccda245aba9ff545fc05286e5b40d1407ec871e26dfead230c23f6b3113ddf4d46596ead01b478e3a1d825800a490213c93ff0a67e0a1312ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ccc9e04a0643e215e39c9e4c7ccc87c3

SHA1
bfa6be2df0a5b3990b309c8d5f44192c262b9457

SHA256
c3284289fa5c9ccb974d22399859648ba6a4fe0c02ec67ea52d410fce8e85496

SHA512
1c2705504a44e48ea98fa23a7e4bd434fef7c2c19f657133064576f9d247753b7a0843d3e05e8b24886c6b4b30765f930752ec80ff493a7bac50704ab09461bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581a49.TMP

Filesize
120B

MD5
89ad54c58394087d1499afa5d1683e4a

SHA1
90109232056fe964372172a7f5a6791701548767

SHA256
d67e94c0cde315b979fc85323ca690465c77d6701d7386167293d4c84060dc25

SHA512
6299b2515f23e695e837d8e7a73063dcb7ebf09db9d9563dec7eadf549a4a4dfccb09b9cd135ac5d83d24dc4bf7695bd93b1ad259883956df8318393a5896fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
d24226f60d06c48c519141ff92ad1bbe

SHA1
9ef7ff18c984bd01e48399bc93152b955e031e0a

SHA256
5c511325c2177e2334b4b83313f6220960e78eb49a44b415d4f3ed8f6e069dc0

SHA512
1612e0707f3efcfbe15d1e0df3e3bbd783dc8db0aafe146dfc0c50e27d02ce37210b5f3521c2ccf55f3d67a1f56a144ac14eab2e31eee099e2ab04ad18a17ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
522bce7f2b2e507b6a248d20e9712396

SHA1
f63f53aff22b87a289897d09fe4f7fe67bb31c87

SHA256
5ff7dad32557869cbec31c65f74eb1b1d8ca7cc9473158a06752c8611e692ec8

SHA512
69433246215d73988b9d1f8144014b62a55cfae3a4697ac263c68c2063430a71d7bfe12a2f869f3570422da7a7dbebb3f552ff6c20705dad169a6976718d5395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
1eee103d7cc702b613cd17b31404dcd4

SHA1
c1b7f0be76a6de84e1a97affb03a2e5a1e40d7a0

SHA256
a7e9e6dc0bc993315f1543ecf0a8ddc277232e096e80db85cdcc0ef9b0340c98

SHA512
d97a5c09c346b3a9985c034677e62694c6c45f9cbba8ce75d3c03fcb9876887edf1260a3d896e854460e9f3e10ba914e9b214eba5d9410e59ffa32af49726b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
92c1633a28913e7eee558cbbfc656ae7

SHA1
6db56a31cafc4cf730556add050989fa2dff397f

SHA256
50f6a9f69afc4ad5e4329af68d923835a73c62c33cb14d69ebf418bd0df645d8

SHA512
c95f432c5c4b5a3e8d371f0b96bb25fa88107aafabcd6360ded84b287d4a034ce479b9c9666b3120099aa0bba0501d59aeb1c729d0ae6f92fa22ba448882f548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF39193A3AF501D477.TMP

Filesize
16KB

MD5
57fc25e99359a008770cda6768b74329

SHA1
574394d8f9ea46d1dca69609d930a08f19ced26c

SHA256
fd1fde20d154c5f6fcc8afcbce61139bda5fb1aa390c1f3480e9ae1e4235ac66

SHA512
c58427da88fe32f44c14762eca590f39f2e7ee9076576652551bbc7a473ff15128cfa641766f6de768b40c86f563ee0f0b04aea1f96cfa04ad32457a813b905a

Download Submit
memory/4352-63-0x0000023EBC600000-0x0000023EBC602000-memory.dmp

Filesize
8KB

Download
memory/4352-65-0x0000023EBC620000-0x0000023EBC622000-memory.dmp

Filesize
8KB

Download
memory/4352-61-0x0000023EBC540000-0x0000023EBC542000-memory.dmp

Filesize
8KB

Download
memory/4352-59-0x0000023EBC520000-0x0000023EBC522000-memory.dmp

Filesize
8KB

Download
memory/4352-57-0x0000023EBC3F0000-0x0000023EBC3F2000-memory.dmp

Filesize
8KB

Download
memory/4352-55-0x0000023EBC3D0000-0x0000023EBC3D2000-memory.dmp

Filesize
8KB

Download
memory/4900-84-0x000001B7EA3C0000-0x000001B7EA3C2000-memory.dmp

Filesize
8KB

Download
memory/4900-87-0x000001B7EA350000-0x000001B7EA351000-memory.dmp

Filesize
4KB

Download
memory/4900-91-0x000001B7E92E0000-0x000001B7E92E1000-memory.dmp

Filesize
4KB

Download
memory/4900-35-0x000001B7EA320000-0x000001B7EA322000-memory.dmp

Filesize
8KB

Download
memory/4900-0-0x000001B7EA120000-0x000001B7EA130000-memory.dmp

Filesize
64KB

Download
memory/4900-16-0x000001B7EA500000-0x000001B7EA510000-memory.dmp

Filesize
64KB

Download