0c5b39bf45aeed26e67f089fde0b4f9794482d524d03ffdbdb4a53a669f4ceef

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-de
resource tags

arch:x64arch:x86image:win7-20240419-delocale:de-deos:windows7-x64systemwindows
submitted
10/06/2024, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

4KB
MD5

5c281fb60ae0ebde522af14cffe685c9
SHA1

5db7fb52a5774665485069a7e28fdda0124bd26b
SHA256

0c5b39bf45aeed26e67f089fde0b4f9794482d524d03ffdbdb4a53a669f4ceef
SHA512

3f70a01161a4ae3c1e99cf92f5a69c45a71da8829fd3cdcee52069776c396aaf72589569295723755fa0f0fa7fdc1524842968004caefd90daeef348007b8eb5
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8jZqXKHvpIkdNxrRB9PaQxJbGD:1j9jhjYj9K/Vo+nwaHvFdNxrv9ieJGD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1104	firefox.exe
Token: SeDebugPrivilege	1104	firefox.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
1104	firefox.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 2244 wrote to memory of 1104	2244	firefox.exe	28
PID 1104 wrote to memory of 2672	1104	firefox.exe	29
PID 1104 wrote to memory of 2672	1104	firefox.exe	29
PID 1104 wrote to memory of 2672	1104	firefox.exe	29
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 2584	1104	firefox.exe	30
PID 1104 wrote to memory of 1120	1104	firefox.exe	31
PID 1104 wrote to memory of 1120	1104	firefox.exe	31
PID 1104 wrote to memory of 1120	1104	firefox.exe	31
PID 1104 wrote to memory of 1120	1104	firefox.exe	31
PID 1104 wrote to memory of 1120	1104	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.0.524609278\759149726" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1164 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5fcfc4f-b78a-4ece-84eb-e41036b18794} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 1332 10cece58 gpu
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.1.659983230\1299529377" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1460 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c93440b-8f76-4a7e-8ad3-0f76a4edd741} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 1508 40cf858 socket
    3⤵
    - Checks processor information in registry
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.2.1960497548\1979066265" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c1611ba-2310-4e21-9ae4-4c16b00593da} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2088 10c5b158 tab
    3⤵
    PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.3.1975202055\1251905389" -childID 2 -isForBrowser -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8220866-bb29-4d40-9bc8-21f0cc3c70db} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 2464 1b9a4558 tab
    3⤵
    PID:1076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.4.526270020\1586186119" -childID 3 -isForBrowser -prefsHandle 1172 -prefMapHandle 1176 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {435861f6-d5a6-48ce-a11d-49e0b6cea447} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3600 1d6fcb58 tab
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.5.1579270072\1470433923" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3700 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b55e66bc-b296-4b84-ab3c-557b1aa8ded7} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3684 1d6faa58 tab
    3⤵
    PID:2436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.6.948870153\1046622942" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be1a7548-2767-49c9-b7e4-296770bf78ed} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3848 1d6fbc58 tab
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.7.1303345910\2074492327" -childID 6 -isForBrowser -prefsHandle 3148 -prefMapHandle 1952 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93faac55-04cd-4695-8c32-790bd7ebe0cb} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 3160 d62958 tab
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1104.8.1462097028\207610579" -childID 7 -isForBrowser -prefsHandle 4172 -prefMapHandle 4176 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 672 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7f2569d-b39f-46d8-afc1-131cd4100a63} 1104 "\\.\pipe\gecko-crash-server-pipe.1104" 4160 1d6c1458 tab
    3⤵
    PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6999758,0x7fef6999768,0x7fef6999778
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:2
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1608 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1016 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1356 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3332 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3024 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2704 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2096 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3020 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2756 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2800 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2672 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3640 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2360 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2256 --field-trial-handle=1392,i,14807334251501776249,17176346474268575080,131072 /prefetch:1
  2⤵
  PID:2084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0a6b1010-6b8c-433c-bd28-a8cef15beac0.tmp

Filesize
141KB

MD5
eb077a65275c54f4f342f17115c1ccf2

SHA1
0cb06e52c53a00ec807cd14dab2e54ca65c59787

SHA256
285e35c6d9ea3aa5cc1b2d68bfb32ebfa5ff5d478dfa34c592d9b088515b687f

SHA512
0fdfcbc4f23a41f25745e3c988d5bbeccee161d4179872b1693f1df231634150c85e79b712c297c5f3d74a322a7e62bb68d615fc7e5164320dac9f1f32187739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fc829f786db044dba3e8ab5302f24776

SHA1
d78693dcba5dd171588bdfa5a6cdbeb4f350f006

SHA256
295849042c1f3cec00d3d47dc4c88a425503cf2cd8bbc3f458153abee1304d8f

SHA512
6c42414a336b98a07284a009b1fc98dde9e59f22c5cfdf242b759191d2aa56289534e76877dc01b2839b8e40452063aeb120931608c2f9b4ab454e32b11891f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9e95331df2d29ebf8c1e055158a1dc6

SHA1
1b6ad79e1470a637cabcdbe33a10424de1bd0194

SHA256
b552ad4f4c65cd37ea2bd63f7eced693234b2ccd9fc92ead2995be70c3a30040

SHA512
16d55344a5ec282d8c1db12727cb9245ed54bd7986de8299957e36e5f3ad522d17c5bc63e4f4015dfe6e02aaffae01510a08086db0f96cb09e898ec1dcb65c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
00139c59c92504fc8cee82c929087dfb

SHA1
84c9218c8f002d00fa733ee7a5b12ab957077ecd

SHA256
52b282f2a82d3f79a360e2b43ee7ee04e8d8694d0aaa4c8e5fb046db2dd2abf4

SHA512
abd994f840e3cd65ecfab7a9ad543dd63c681cac230fb353d130a8ec101735c93a8582581734e44391d776a6dcb5c98740e2d4a97cdc64ff46d9189062e3fdb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
a05032a1e1ccd5e4ce9732899f765d78

SHA1
e3a624bfd2a859e967e1d84ab50cd216be72885b

SHA256
d0ca2ae9ce19cb5739143ae8ec17b949ca40d3b5509bf65baa29157d0741abf5

SHA512
449319474ad3930406cbe3fb3162d5a60b60130868ae1826377e13f0e3a9c767124fe807703bc28641f6243f980557f4de02686d84b66d59f55fc50b78cfa640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
86a775277f3bfb1bd541be17892db827

SHA1
368242afa6d93a6e41eea60e73b669582a2d10a2

SHA256
7fb626fb402de08648500d9663d18f9b3e0b4072649a6745abf5dc42a0e5ad64

SHA512
1b4cc4b8286e1b52ac716c908503ad3a47a44372ab08cca4caaa12df5a6437d75848e5e63c38c665cce7c9599f2ff56ccb67bfbbc3b1c78503466a8c9e89a7d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e25532c9f74c59c942aea0c7f0dbb7bc

SHA1
0c0df3ccb52ae2530146d85d548626368f908d09

SHA256
0a858be9bf40a5b9c23ecfbfeb7c45fa211538d9e7e00ea680defe3145895895

SHA512
c56186d4dea992f9804a7e41144c98eaf2f81a05343da4ab7ef25a670ffffd12c0fb35eb5770d5f8b87c0a39e08d4cc98a8c1cc610fc6f2711d3db783fed7ada

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\datareporting\glean\pending_pings\c2360420-9aae-4b7d-ae32-e3cae471a1ad

Filesize
11KB

MD5
40a44358eb79b29e0e8cf2af8a1f63b4

SHA1
a9d2dd0fa16b62f35c84a07630ee88922de2899b

SHA256
7659195d077466c249e8ee818250981e9d890f6e1910557657b64862924b0f88

SHA512
b9c3f068561c735623cf991e0329e7862b817331b76925ab24034d4b0b06a12fc631a8484e07aa6725c32834500cc3d39e87d2de73124667b6e50114ab333355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\datareporting\glean\pending_pings\cfccf2e7-4ede-4c2e-bc55-2e238d048d0f

Filesize
745B

MD5
daf54680c597a4140b8a206f6648e5ec

SHA1
abae6927be43574089b19af35c56c1dc17d51f8a

SHA256
b2ed8a108242925e957167da6462e325f4a7436e420312e27c93f254df60e2b5

SHA512
7191ffc2716cc1f74f08aadde9d91729841e6a04cd22dcd8b811d1358b3f9a8b129df49ed1727fc3fcee8fdff108376053c1b381af858f4cf9417c90aa94f6fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\prefs-1.js

Filesize
6KB

MD5
340db2b36f94298e776717097293519f

SHA1
94f4c9b06a65525ccc999f84328cf970b2c46371

SHA256
8fd93a18c85c72f4ad432cc74026618e12ac9fa783d08c945ddfb86329a837bf

SHA512
743cc5ee3ecb4a4ddaf3bfb266f1f0c0de55978f121ec391f291bfe59ea5cf18a122c5cf78a64ee816910a3e3cb488c9f338da33e1e5112831a87368f2dd8ae7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
490d4d8c7b4f56dbe32a76a0761bed9a

SHA1
a92a08e45ded64ad544ec556dfc7a01eeed16324

SHA256
bb568255c4766e2ee07106b19f5999562476562d6c5e2bf4fd7f7b89706bcb86

SHA512
291f8672251c3df5f04a142d563982c79e8488c5858ed547c930b9e93a10152d530bba376d7d66296c1ec9adf1bb431eb56cf9c4bbb88012bd40e43b5fc5d1a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0c0b88a30fb6b74da3e63abf6e19f49f

SHA1
598067d65ba7d10b7aaea97bd4c5318083d5d587

SHA256
8cb44f2211ff6aa1fcc3f9fc370ed46195246ef6a1f08ec87e312195644d547e

SHA512
f9ab40753e3997370eeca86c1433eed504cd1133e65ee3f15a95918b6933e9109bfce254a94635c6e18dde17ae5155cfe09dca8fd2342704e521bffc1507680b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
54eb81199bdae7703922cc1103a59cd1

SHA1
0de50f46731f0e5d76823cfe9f78e555bc7ae6d1

SHA256
2a64b38e2a95712fc3330c6398667c847f9e8ccb0e96ca516888dbf17fc58ed0

SHA512
69ec3d9ee61b1b06867d73045fa58d740a7f53feb893815546fbbefb034147a73eb5767614889a54f72459f04d64204474df292c00bf1930eb370cfec5022947

Download Submit