hxxps://builtbybit[.]com/resources/free-borders-for-server-icons[.]32979/?ref=discover

Analysis

max time kernel
72s
max time network
71s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
23-05-2024 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://builtbybit.com/resources/free-borders-for-server-icons.32979/?ref=discover

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609109828076456"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
1220	msedge.exe
1220	msedge.exe
2308	chrome.exe
2308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe
Token: SeShutdownPrivilege	2308	chrome.exe
Token: SeCreatePagefilePrivilege	2308	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
2308	chrome.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 560	1220	msedge.exe	78
PID 1220 wrote to memory of 560	1220	msedge.exe	78
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 4652	1220	msedge.exe	79
PID 1220 wrote to memory of 3916	1220	msedge.exe	80
PID 1220 wrote to memory of 3916	1220	msedge.exe	80
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81
PID 1220 wrote to memory of 2432	1220	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://builtbybit.com/resources/free-borders-for-server-icons.32979/?ref=discover
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc0b5d3cb8,0x7ffc0b5d3cc8,0x7ffc0b5d3cd8
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,5433661422561477999,10201438585711463767,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,5433661422561477999,10201438585711463767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,5433661422561477999,10201438585711463767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5433661422561477999,10201438585711463767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,5433661422561477999,10201438585711463767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1812,5433661422561477999,10201438585711463767,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf864ab58,0x7ffbf864ab68,0x7ffbf864ab78
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:2
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4168 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4204 --field-trial-handle=1824,i,5212011642095040913,2148106714056793109,131072 /prefetch:1
  2⤵
  PID:2284

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
165c65b77c72b774ba1a6cd59a788ef8

SHA1
822099fe4b4669691990ba842d45ebc3385a06ba

SHA256
00cdaf061c143dea4783a5c8fee5f5e35543da98204665acad7d075a1c61b602

SHA512
6133fdefd5d4cd287ce591ce9f8edca47a5db46c7fc9b12768996ef2f173f33ed413817eb0c70729375d6156a99d22b20552ed0c2a947de1aeb438b726f81862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3d8429d856e579c0c20fb0f86321a02b

SHA1
6e1316207a4439b6d4bec58cf2874228fab8f5de

SHA256
6bb96461f80d23693d39197d5687ed76f4bdb809546642c17368079f26be0167

SHA512
5e0b7073d089f66c651a82131709d160469f2f7191b987eb86d35f228df1d57f2c92e54ffb24c777d5c37f5194e4edb3b25d4fb7fd9bfcec6ca6a4f876d3327f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5fe15fc9de1d8134b32a053d278afeb2

SHA1
d694f050a8087f920c896a93d753d4b067314d7e

SHA256
46c8eb689bb2685817ca57204770d8b999c9a70a8170427e4d2da945387ea508

SHA512
eccfe9c52f4f65eac9f84955e8ca92d9e28edf3d6d6b3a49ad7a78ceb16cd752513e6d804e1233d9bacad8fe0e3780090a3d6e0db254ddb3e4f1b6253170fb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3ced4c4060b4f2ed9b0611294f82cdfc

SHA1
fd8eb7c03e0be82701a0883506697cd328a487be

SHA256
21935ae5bb9bf2aabb1ab2e22e5629e2546709657b79fbe53b34dbbb3bb394ca

SHA512
7891b97003d5ff99e40beeb70645d2bf4e177115ee979b71b0e26c9af1bc56873160964603ef8cfa50a1f41e6327f8980584f0d849a322153a7c1e7b27609151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
108c8bca8cd8348b8c9b26f980a77955

SHA1
8e494c878a3137f37461cc42e745458cde730090

SHA256
9b9b7bb246b580c201f9099fae4b40a8e15b48173148b52ef98e0980ea2a917a

SHA512
5d218cc0d71f084d9a963ac1e7300ceef4f108a7f7f981591e0bf5d43afb737cdf3c0879fc5161d2ca7b7eaaea8420e954a64409f491428d9c2dec4053b4cca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6100c696d7b84e06dde879bc2121c991

SHA1
565248b1812072e0e6d4598affd38a26cecff557

SHA256
265c17f1f3585fa5d992f80937d85670b379e80dd2373c747daa731498fa74f1

SHA512
3dd27ac64d9d6840a7fd305ad90c89e0d387c8c3c8d8e4bd9cb72a3fc26ef6c807be3b3cbf6c7f3ed7f8b6064f796d377459f9f3e5005676389852e0a9065f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7d3490bb6aa78d3d5c3ed332efeb19ca

SHA1
a31c37279e3f3c8d947dfdbf0c4d0c122bbf5ada

SHA256
32a29870fcde2756bd9ecb7979578e254d0b308ab447396fdedad56627f53b7b

SHA512
2b3e64caaa3faa6b754b8522f3aa4ceb7c1314007fc9163efd803ac6d8e21af483b58855472f6f2f0a405f3828471a6bc018f4dcb6dd5980e485118557a9757c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a28205b33add8b24456990855cbc7c02f77b12a4\750e4186-bc43-45d1-9725-10f6eab39d22\index-dir\the-real-index

Filesize
72B

MD5
ba3a7096575715e5b53acf15f68fea64

SHA1
17e07c6f06f315aba1ba01e67f2031b1a978f35a

SHA256
326c49287c32d33851e69ee5f2950453c87b0fc1e386415b9437aa5900238659

SHA512
97f9125eb0357feaf6236efc24051fec166c18546a41973bf74e072e1c4713dd32490046a052f5eee93ab0881d8346a6606ec51f326cef9aca59c7c169f416eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a28205b33add8b24456990855cbc7c02f77b12a4\750e4186-bc43-45d1-9725-10f6eab39d22\index-dir\the-real-index~RFe583d52.TMP

Filesize
48B

MD5
dd1450441c02d1552968c9b78e02cbe1

SHA1
4296e7924d488bb1a3eeb4333a7244ce197ec32b

SHA256
f7dce96cf506415bb942cdd13fd63b3d0f08eccb79e2572a03042e26d8723bf2

SHA512
92505718a1561ea69cea93afecb530fd9ffee1f2a9ffc1d42851a0b9a670c6f3de4029d6ed48890e7d1ac7153fac2b07ad82fe7ee02b4e766774f974f27f2ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a28205b33add8b24456990855cbc7c02f77b12a4\index.txt

Filesize
113B

MD5
11ce0f6314b09624e8929adea0322614

SHA1
7808d669738ceb3fd8b1bba4da14a8a21a5d8210

SHA256
387a31c5ac79d0b176d8937e46a891c54675ba45db569771a01a71b3d38673a4

SHA512
a7fd1aa9c2338d97bf3c2c52914863225f66e7e61b76696baa1d92a030499257c62f580c21378863956b62c80ab50d46819f08213c5998b3dceaa3fb96d768d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a28205b33add8b24456990855cbc7c02f77b12a4\index.txt~RFe583da0.TMP

Filesize
119B

MD5
e8aef020aec933aefd71d3a956e0b4c0

SHA1
ef2208bb5a46a77851bc1d76119e49e7ecb092b6

SHA256
74015696b738ff5b6b9c3e2fef4138b5c672f50e0aedb0d6861b50bdc212ea3a

SHA512
413651777b65e0dcb14edbb40a3717c18668ca79a2fd2f94068c70155c81d4a61443dd075d3a7b927b20062671e95e58e453cef4d92cdb99745d381f95ce5225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
21abf746631f33cc0261cd934bcfb73a

SHA1
5d05cf8969bcc1dc7bc1a01224b5d5a54ff2f38c

SHA256
03ba35e811129a4219ed3da3c4ee37cac8605757f58492a99cdc2cebe01bb84d

SHA512
9b4a6eb3357804ab60e32234753188ddcdbee0dae808754b4c4142f4ec4c3d3ebd2dd3bb0feec8209d464f7234bce6b98ec8ab0ccbfe4e1a0c92d32e40af0bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
cd34125e74b1b0d685389b2188b04044

SHA1
62cc210536681ae3e3b4bc6615a467cab663696f

SHA256
7ed93ce534bbaa2b65662cdca0b62512da4b7d277ecd1dc3e695266949fb351f

SHA512
43709634d58777d824c87fe75223fa9b52339ea27d56af5417fdccbf27c9e942443b27141a8bae122ec276d9f629cfeb34fb1b59d69b1c527419b182adacb5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e4ed4a50489e7fc6c3ce17686a7cd94

SHA1
eac4e98e46efc880605a23a632e68e2c778613e7

SHA256
fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a

SHA512
5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ff8bdd04a2da5ef5d4b6a687da23156

SHA1
247873c114f3cc780c3adb0f844fc0bb2b440b6d

SHA256
09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae

SHA512
5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
718cbf7a35a2343b76ed9d321424ba82

SHA1
293b85baf1995c3b486fdaeda87dbd3db51e02cf

SHA256
00c046b16ac9191eed0de9203bdeb58f3ccb0eb2fc965ac40a91a23221f9a979

SHA512
72236969c50422885884254ca5527b603c3c71dc3fd33d1ddff48951f83ea2de75df77b651a8fa7a1bc85f65c2d4fadfeeb3bee94fdad1be85152ca7bf84f659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60fd81f5ad524dfdd78fe61f65b07cf8

SHA1
e42e996b64f4b665350dc6d3d2ec67543c5da709

SHA256
efb0982dbb4cb3cfce6116818b776da57bf38126d6f758098d7b6dd315c681b4

SHA512
e0fed7825eb7b9135e363813876de1ea93fc2d4acfb45885847db33dbe163746990b9f47bdd36b4ce65b5f71b90c31ca5634fcdf5455abb73830e95b844d5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9bb9fc37348e5f59112f42d3eb272c5a

SHA1
09d0471ef428ad31fdbec7de405adccad122d41d

SHA256
2f6aeec2b224883c9bca57584a52e203a79b9ff99410897c57574cd9ae5a3117

SHA512
2308f2332a0d466dc3f2e583b898ffcc574aef006f557c79244353f989ef9393a24715dd412e38c485c78f719bd5556eee6135b3cb0ca7ea6c67d9bd269cddd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53261e4d19fbcba1b57a90d411bca912

SHA1
9e6e96f9c0473afec83acd24b1c66f563d48e296

SHA256
a65c7b876b49a15264a52fea8b6a4b4398cd5d240860855690235538489d4bb2

SHA512
b284daf9aa7af629c1ed1c93166d7d4f633b7586101d89579573d044ade17dd4cd489da3c2e8c3e9f0ed74f2c1c7d5a4345489cae494452ea8c4be43fcf209e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
51d178831f79d7a388bb06c5b16e8fd3

SHA1
42ea6d3e08d3cb358d75d530aa5f7ca451d9fedc

SHA256
579ec05e2ac63de86f2b2fa9d92e9906c97362d36cd619ecff2e50c688691999

SHA512
c48bfd11019c155af1e721069a027c64167378cebc3dac4ed599904b69d53f751cc83511e896ff91cbf25ec9ad44ab695b750eeb1ec3009aee3aa7ad5ea85b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a350addfd39410a14310e01b63a2f781

SHA1
0d0cae26a09979c9c342699fa51f0d26cdbed52e

SHA256
ea65652e60c84a2fb66398f6c7ba5f3785e320f8e31b02cf1357912c6517a2c8

SHA512
39647a14aa71af2a61fd70f5caeccd7af832207a5a1b353f47c438e0a342931006e825a6146bcbb672a07e61cd7bf44e9d984314d69ffd8e0e3d7f227d2fa69b

Download Submit