hxxps://stecmcommunijty[.]com/1042780608521948213

Analysis

max time kernel
61s
max time network
59s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17-05-2024 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://stecmcommunijty.com/1042780608521948213

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604283155094188"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4824 chrome.exe
4824 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4824 chrome.exe
4824 chrome.exe
4824 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

pid	process
4824	chrome.exe
4824	chrome.exe

pid	process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1728	firefox.exe
Token: SeDebugPrivilege	1728	firefox.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

firefox.exechrome.exe

pid	process
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

firefox.exechrome.exe

pid	process
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

firefox.exe

pid	process
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe
1728	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1888 wrote to memory of 1728	1888	firefox.exe	firefox.exe
PID 1728 wrote to memory of 4644	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 4644	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 436	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 4972	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 4972	1728	firefox.exe	firefox.exe
PID 1728 wrote to memory of 4972	1728	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://stecmcommunijty.com/1042780608521948213"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://stecmcommunijty.com/1042780608521948213
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.0.1650550340\1431822485" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44b31838-1538-42cd-a408-3e294f2bbddc} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 1780 19c1a4b7e58 gpu
3⤵
PID:4644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.1.401368717\1861786850" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc07917-d446-40d9-9c0c-14de4ef35051} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 2156 19c1a3fc858 socket
3⤵
- Checks processor information in registry
PID:436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.2.2097152393\503066570" -childID 1 -isForBrowser -prefsHandle 2728 -prefMapHandle 2884 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0223e0c-bd77-4a6d-81db-676e33830bac} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 2860 19c1e7cf158 tab
3⤵
PID:4972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.3.1591055170\1294862145" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e56a35ad-a3b9-4032-bbde-45a66fd8d6b7} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 3504 19c08163e58 tab
3⤵
PID:3800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.4.2108947808\758844394" -childID 3 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36052b94-cf18-45d5-a247-686b18d0550a} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 4916 19c214b2858 tab
3⤵
PID:2868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.5.613235469\1804768004" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbdf0bff-f8ee-479d-9fd5-bf0087144a39} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 5044 19c214b2558 tab
3⤵
PID:2300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1728.6.1506764718\725246553" -childID 5 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7f29c7-643e-477e-b573-af58b7f5de79} 1728 "\\.\pipe\gecko-crash-server-pipe.1728" 5216 19c214b1358 tab
3⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd7d1b9758,0x7ffd7d1b9768,0x7ffd7d1b9778
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:2
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:1
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:1
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:1
2⤵
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:3892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1796,i,17832770753362088268,12162716170136915385,131072 /prefetch:8
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4068

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8f0dd17b-cb5a-4624-b3e2-bd02a567d1c0.tmp
Filesize
5KB

MD5
f5fa23384af2804c60b10e700789200f

SHA1
8bd3d98f8c96db5156cbd55568a78a83fc917302

SHA256
784c25371f660a8e7a32740da5916b30d24fa28f732c1b0e52bf339fad2432b0

SHA512
8c8508debbceeea586b063caab34bf795cd1ed308c456fe83976f27f3c23d42a5672c6cb416af164b46e6ed0ca62fa699e3a6dcfa04ff0a0f053b00d94061946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
cced7bbde40b4870a8b0aaa729b109ec

SHA1
75abc313dac6a8fcfe13b27268a63a926ce5e597

SHA256
6260d35263ab684d4069e7066ee0e645fcd8543bffedcbe1fa62e30209d4d803

SHA512
3fd73b3e4bcc86e75d8dc3e21d50f6452695ced826ca794846f49161eca6ef64e01b2a30e32a06047e1cc17f5e3676497ddcfb060f1960755a2bb814f504b0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f1d926db-3715-4d87-9e07-d6305908047f.tmp
Filesize
1KB

MD5
427d95a3085cd7336bec4e129923b865

SHA1
7e4f00be3289c80accec83d3fd1c673d2692ba54

SHA256
47e68e2841ee4055e7770e9917e5f70863ac8814b8bac2bcf6ce9e137bf069a1

SHA512
97c25fe202928fde12aca1502c514c0c64588516b6909be1773b5c3f324abbe2ef91c7f8d4f15023fe603b46d91dfa89b8eba3e0fcf22554de3afd3c229ef669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6759138d28be250a6877c64ccfdea4ca

SHA1
bad80b72ddd47bcc12e21ed79059151a4c8b13c3

SHA256
b6b36c996ed3f900c7d8995f9705f14cbcafd8382a7fa8edf0ad96e12c55fec1

SHA512
94e1f8e49839bfcbc396c97e077b284c13393952d730b1f1f6d7eb72f4d0e85c507a21bd0e61a1a09fb92447cbc9862a092bf9b9feddcfad3935abf5318afa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
bd128284bfbd389ab2e282495b5dd022

SHA1
65a5fc670498f4b75c5e319b4d9588543e086390

SHA256
bbe6a9e8932aa0f3c2e7e816bb00d4797922fe13ecc93f5948a31e772757e0a6

SHA512
553c3f8c1c15886a7b6e4a999d92533b1f50ba7dca8e6155add3f7022c6d053fdb653c285d139266f5f6c092924624ecd44098ce5469b799ded13720a28e49dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
276KB

MD5
c548af2d47cf73ee8ada9709eb4f4f64

SHA1
aae84fcb2f88a65215c4cd165a8cb7c8626be1c1

SHA256
0334ba0152d7b319c6590f5eac579c87186d6950ac22ddf8f06f39c54fb50bea

SHA512
ae50aef83b7eff1363695ee9c55be872aa3aa148ca110170eb41105cc9d1366f1cd85430b3d0dc9d98b4db67f3c8714b3c2f9535d78f0d6f3c7acff49dafe71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
276KB

MD5
e057ff45a3b64a43da741571672d113e

SHA1
31175c3ef56cd0ad665a14acd9009b2c09cf65ee

SHA256
9839b995e549adf26cbdcce1e89ba4dd489d3804b1d073e29bf1a77664c9d7fc

SHA512
778cd619fd4499ee0916634264fde765020f8baf120e72eb75a67adcdc8431749bc8712528d41a18204d46fd217d97d167f08131083ee48c35959a6d56f15836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\09771CE2E2106ADA8BD058831BA2E3CD38B9B9E3
Filesize
35KB

MD5
18e668c15c3634b6551cc20e2d8b0be1

SHA1
1d373f477abc4a00ec97d1644765e30135b0162d

SHA256
a0eb695d6c452f17baaaafa52dde78557a7811e21495fffae82d554d76a6b4e5

SHA512
3abb734cb5eb0b419f4fb804f75ad436f45f6f93ab9a828afc8ecd4758682937880bc686d89b9942e402a796d6ad608acbd14ba31289f9f5b32386d2c08c6d9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3FBD93895EA3B89B674A87A74686D5AA0FE36176
Filesize
121KB

MD5
55499c24ce7ab99d011fe54088194b68

SHA1
129b89dee30efd4bd8d556d00b0fba7bcd788817

SHA256
a483f40b8b69172b109fad24698ac6521bbd9971e0365be1434962a9a7c077bc

SHA512
575a5065c8e3b2b341478acd7ae8268b098e7673345392c20ece4b3b3f7ee7041d74a19c93d68d826618f5c75e3df453f2ba15360c054c0b4538355054356d51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A6A87C0892E377F8BD3E3EBDE6E406D3448FA940
Filesize
26KB

MD5
af1cbd0e6272a9d597815b2da7bd92e9

SHA1
10f2e856c2fc73e597f3b121a8df4b885aac35e8

SHA256
45e3cf8b91051870da644af1a3438fc2ab3c6c032f546830b71de1c0a6eb4205

SHA512
dea46e3702ed8c6a12762eaa99025bd6791bb28454dac33a470ca5f2ee5ac40eeb9011d39b99e08970c39f40c5f233ff584599739423b4d00bc8722b35d880ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FED07A156F1784533685EA5349FD3F28DC5F963C
Filesize
36KB

MD5
90ee8ed2bd1a9d110320f8c218e32c3f

SHA1
f84143de94744a1746c2c37bc48c56ae8966dea7

SHA256
47822a8d53432bf487cfde44a932c7a72fe013a9b19bae68ddc32b08c528c904

SHA512
4141d927a7607cfacf4b3fb1f5cbb0ab77fc903b4a1e91fd5bc71578a689748af616a2a20e0561f7978fbd2d2a328ff8eb8d3697c6dcdd8b081addcd504324bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
77e94cca3bcce7044cbd018ec069236a

SHA1
0e2072cc46dabba59ad4dc879cd0e713f13c01a0

SHA256
9b137fe081c5c709dfbaf7b081e556806c51ef410077ff58eef3ae5ca7e7b7c6

SHA512
536da1bcd6613785c000d601ee191dd9012329bfc88d00b38a3472f94a4c5ada443eca5f4d755f6991b7c549932790bba9177f8c31fd8d61478c1319bd1aa4af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\add238c2-6728-4dd2-889b-97e3a3cfcfb5
Filesize
746B

MD5
27eadccaead06c6eef6763619b23d09c

SHA1
5ff40243be12ec9cc56d6456fefec6d7f3b459db

SHA256
f942fbf26ba65711fdb6e710d14f4a752ab4519ac1f37277c77759f9f4ebee53

SHA512
eeaf59e030531ffb8fd0f2a16a13536d2be2b0f98ec32073f50e5ba159be3e8da9bff324471dbabbac106992170a2d60a1e1579886bcec697df5657e1696fbf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f717679a-5648-4eeb-a2cb-82624c1d1ccf
Filesize
10KB

MD5
4a1f7f50900b01d87017616b4542cca6

SHA1
bdce4f7db6146595ced7252e0dc2bad47439b481

SHA256
2c081a139bc8cbffd37f809032bb234dd1bc62e531cd7ba1683f0af7a031256d

SHA512
56a9e5c54c9f05c5cb628348f9616bf34b8c8d8487cf093be587aea0f907e4137b21e046e01ad38be9d6b05bc68eee505fbb119c215871e3a30a0ce86ee4a242

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
4c748a821a37b0a2db7afc9f19ff3d75

SHA1
d1090f5d40ea06eb89b2303feffac1075b8d13ba

SHA256
37a53be953333961de8cb17361ba1390b4497bb153381bab7e19769e2e19b87a

SHA512
c8047069cc7b5c640540e83c7823cb4a992b2ff07c6f24cfb57bf92913ec16f4ed9eab970b6afb05140ed6da515571cef0dcfe633be787a3357afdd4263402bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
0242d738411b6f0b09ba8df670677f24

SHA1
2e3b3080143a94599f4e875e037f8f5586562d6f

SHA256
6a4e0c24fafe3cbf1ce8eaf67ae210144fa88dcc914b20fd01fe6fdf62bf5dde

SHA512
9d6bbca03902fe74f3ef4d2890b3ad8dd0f5696082254c9854ce0419f77751f3419cdfe15d2ed093870a75b1684526662a5ea6c66010a76aab6d0a94b4c0ac41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
f27dd4244152d3e704fde0fd44010a0d

SHA1
1fc2d18998ad77ac05f3d7a52d8b193be49167e9

SHA256
767710f9b2416674cb89ab48794f98cd9167cd240be9d9993b3e8703b5765dfd

SHA512
ce317385a6d960dc488bd6324da540ae4cbcc3f26ac4a67e65ba7273c5e5b3fd218ead279d6d74aeeb479f166f09884b1413c3e268054b2a9f3bf9fec4b3f66d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
40KB

MD5
e1ff7193d863a8e7e87172a5c52d1415

SHA1
119c6d17b20154077eac55a126c155d84b598e20

SHA256
d2b20810aab9073d0d9c625b1924985a4c207f9f0973dba83f0c36f7fb53c0b3

SHA512
1b7a048635047a37938a38ddbe2782166c6d2a3901d0c7eb14f51978b4ebfe3cc8515314ecfb1194c881f683f3c82d44b226525810e259b3fc4fdf8c55a5a4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize
39KB

MD5
16e6ca30728e8cbe8efcaac803bfb3dd

SHA1
a2007d2c237486bf9bcffe2b3380827b76406449

SHA256
5264de01da45e557508f63a8221467305e6c404d2607ee398fc36316e8c2a6cf

SHA512
fcab5d0fbc6c8cc070d9ebdcccfd438089ae9a150811594ec622a9159ec9c735615972e98a99b7119a32f3d723f33471860491511a3abdf48bc0bc5cc9b664c7

Download Submit