d02538788fb57f568ece292f5fc20e9775c86d504de67f57e22534f84adc73c6

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monoxidex86.exe
Size

277KB
MD5

dac0c5b2380cbdd93b46763427c9f8df
SHA1

038089e1a0ac8375be797fc3ce7ae719abc72834
SHA256

d02538788fb57f568ece292f5fc20e9775c86d504de67f57e22534f84adc73c6
SHA512

05cc1f6bf25a6545a06c735ae7a4a7fc25489bdb9fbc8d5797be623982662c4a93cba2d20bfe14313ef1548eaaa691e55fabdd8e3d3e45de9ab42dc62f9a7023
SSDEEP

6144:8nXw1aOBixLVTCB+3ZXF9lOi9E3AAqgmR:8XOixEB+3n9lOi9E3AAqzR

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606758148261885"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1640	mspaint.exe
1640	mspaint.exe
4040	chrome.exe
4040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	3772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3772	AUDIODG.EXE
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4116	Monoxidex86.exe
4472	OpenWith.exe
1640	mspaint.exe
1640	mspaint.exe
1640	mspaint.exe
1640	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4136	4040	chrome.exe	118
PID 4040 wrote to memory of 4136	4040	chrome.exe	118
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 4828	4040	chrome.exe	119
PID 4040 wrote to memory of 3676	4040	chrome.exe	120
PID 4040 wrote to memory of 3676	4040	chrome.exe	120
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121
PID 4040 wrote to memory of 4768	4040	chrome.exe	121

C:\Users\Admin\AppData\Local\Temp\Monoxidex86.exe
"C:\Users\Admin\AppData\Local\Temp\Monoxidex86.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4156,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
1⤵
PID:784

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x32c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4472

C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\RegisterSuspend.ttf
1⤵
PID:4372

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RenameWait.wmf"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca840ab58,0x7ffca840ab68,0x7ffca840ab78
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1664 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=2272,i,11524428957442534835,3552980665932809457,131072 /prefetch:8
  2⤵
  PID:6820

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://java.com/
1⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=2884,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:1
1⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3892,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:1
1⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5256,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:1
1⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5284,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
1⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5412,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
1⤵
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5840,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1
1⤵
PID:6704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=7028,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8
1⤵
PID:6560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
900b1ee656d9268f135bd8b8118792ea

SHA1
d5448c44e1586aed0cefdec2a6a38c12f96e685a

SHA256
6a7b9cfe4736fc16c984c37f5b4ba9ef9b49e56bfbd0c685e77292eec4d2d607

SHA512
c467a0fe6aa2396efb2b91c2c2d225afe554998f8f4ba63a03af6fff8d52e55e02f7cfb35ddafe800e7401ec03c0e0feaceb670d7fbb8e651b9bdaf150ceb37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a0d8e51b55784cf401fb31c6ddcb5286

SHA1
c81285cecb8432acf2b12f6f0d1e59cf83c45746

SHA256
56302c76d95a356dc21a8bb1d54e0fd8ba6d5b92651f2fdcb3d0939a554addfe

SHA512
ad37c814f1e97385230e4a8ce0b708e5478461440d7fcbc45abfe6fe6c4f9ed8b305e2bfb75d8b53184cbdc9bba2485d6fc4b8b36b588f8cb5df456bcabb238a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c94a7c24dc8728901c449ff917c57525

SHA1
6718b979e12d11d3243c88437ca84c4de84644a9

SHA256
2c9e61990a73748f91e69e24075bfc0ff275e68d7401c289b4b62c5f2ce33819

SHA512
a048c96f15228609fdce611b93e842d1895afaa030197289e92842edb718fde7500cdda71de8ce9bf6542bc137dac1f48b0f668ed826e5d8def68cacaa0fe514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
33070f669d69c92b195bea3ab19962af

SHA1
ea472a5ebee819616054ad7862ff0893f158bf03

SHA256
4db3253407ce6ab03c1c17cbd54f82cd6381bc12d4626359a6c1f57e52af02b9

SHA512
27f25ce3d95859cf9c896ee2bb4d7167a68a04f3b724672acf7ebf46ce0acc374a29876559d1eb21faccd36912090bbf4cccf4ca69e440e9cd39aaf0d9a6ec4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
60ca9169edb1bea401d46993632ca427

SHA1
124da036dd7716f56c8e0d74699d339590b62716

SHA256
f0ae15d142940f3899a0f29e803c631ff73d0b4a2ac8924c5efef241a8170750

SHA512
ecc3dd6b7229d739384f910fb9d0b721a281dee03daaa7ef8a0a0982853772662a1b24a519f1117abe3d94c3c2797af00c1b2e7aac99721d1f542576d814f79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59b8b7.TMP

Filesize
89KB

MD5
64682b9ab6b26062042d76b324f3554f

SHA1
184d3463c6922dfb3d9b30b0c866a2bcb8e89cbc

SHA256
94855d7c2e22a0d54e2795901a53fad458f611c8469ab122eb2533a00b5f9ea6

SHA512
e13c884e4be3e1119aa7cb1c06b7dc8ceecc68e21d1cb6a8a1293ece0564dc21521f702c965590be3384f933c65e4768f75fb98094a0aa7f341a8f981537f5c6

Download Submit
C:\Users\Admin\Desktop\AssertEnable.dwg

Filesize
1.2MB

MD5
03800fceea38ddc9d959bb00fe8050b9

SHA1
a91ccd203fd0b56a87f5f4f3d06b7ca1044e2b3e

SHA256
c180cb22bc48daf541d6b61d73a378c9b183a2737aef661f4d04bbf18d8e77fd

SHA512
eb2ba37762420ea4c1d9c503abaac526ee7b8be598d5540aa143ba8ea1793b94120e3b23dbcd2f5fb3f0ff6976aca8ff12e59c55c5067e22573f2db72497348f

Download Submit