3bcbe711a731f170314ee3256f074de87a66f9394329c2f768ee4910c12937c0

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

20KB
MD5

c291aa838e5638401a330401286f18db
SHA1

631907a720780a413f9030968b65fa5bc1a56d12
SHA256

3bcbe711a731f170314ee3256f074de87a66f9394329c2f768ee4910c12937c0
SHA512

f347c7c1aed6da067ec46dc778b334b2683dd2d8aa120807bd5259128a391ba91f9cd518d1b4355a49ae6b6c781595227431f278895dbbe14650dc8003376e77
SSDEEP

384:xLIro5slm863zRYABxm4ej61G0aQHtQamHTB/VvRyEoe:xLmq99Bxm43/HtQ/zB/Vvie

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629746046797119"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3152	chrome.exe
3152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeDebugPrivilege	5916	firefox.exe
Token: SeDebugPrivilege	5916	firefox.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe
Token: SeShutdownPrivilege	3152	chrome.exe
Token: SeCreatePagefilePrivilege	3152	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
5916	firefox.exe
5916	firefox.exe
5916	firefox.exe
5916	firefox.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
5916	firefox.exe
5916	firefox.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe

Suspicious use of SendNotifyMessage 45 IoCs

pid	Process
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
5916	firefox.exe
5916	firefox.exe
5916	firefox.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
5916	firefox.exe
5916	firefox.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe
3152	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5916	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 4424	3152	chrome.exe	119
PID 3152 wrote to memory of 4424	3152	chrome.exe	119
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 3688	3152	chrome.exe	120
PID 3152 wrote to memory of 384	3152	chrome.exe	121
PID 3152 wrote to memory of 384	3152	chrome.exe	121
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122
PID 3152 wrote to memory of 3844	3152	chrome.exe	122

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3816,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3284 /prefetch:1
1⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4172,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:1
1⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5260,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
1⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5432,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
1⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
1⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5284,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
1⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6072,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
1⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6268,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:1
1⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=4776,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1
1⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4956,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1
1⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6260,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:1
1⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5904,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:8
1⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffbf983ab58,0x7ffbf983ab68,0x7ffbf983ab78
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4120 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4716 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3288 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4380 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2696 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4136 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4092 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4920 --field-trial-handle=1860,i,14975928440295821238,11911208974964284846,131072 /prefetch:1
  2⤵
  PID:2208

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.0.1032914775\1787310399" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1744 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b335d90e-707d-4f3c-9296-aec87845ed9e} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 1900 23e702f4958 gpu
    3⤵
    PID:6092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.1.1251819918\1493396299" -parentBuildID 20230214051806 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68bee2ae-dc07-486c-8354-cc033201386b} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 2468 23e6458ab58 socket
    3⤵
    PID:5128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.2.1050713297\2105725678" -childID 1 -isForBrowser -prefsHandle 1640 -prefMapHandle 3016 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 988 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a236ad7-ac25-4cd2-a76a-d033c9048753} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 2780 23e73fe3458 tab
    3⤵
    PID:1760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.3.1716176732\1718205334" -childID 2 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 988 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67ce4443-4ba6-4222-beb9-f14976b23994} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 4220 23e7604bd58 tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.4.1675680632\256596656" -childID 3 -isForBrowser -prefsHandle 4364 -prefMapHandle 4972 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 988 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efdebb11-735e-45ea-bced-72a5952b3424} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 4976 23e7802a258 tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.5.1732084585\1855979905" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 988 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02fc479f-f2bf-4a01-b77c-56160cf0b720} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 4996 23e78029f58 tab
    3⤵
    PID:5872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.6.769584873\729393100" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 988 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c79bd98-4761-4d3c-ac2c-ac43d6d1320a} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 5292 23e78029358 tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5916.7.1960555508\637831356" -childID 6 -isForBrowser -prefsHandle 1540 -prefMapHandle 1596 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 988 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82d3966a-baab-4518-b519-c4ae160a6ec1} 5916 "\\.\pipe\gecko-crash-server-pipe.5916" 5716 23e64582e58 tab
    3⤵
    PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6112,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:1
1⤵
PID:6540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6cef31af333a2bfa228087445a12d212

SHA1
631f0ab02035811727581b8fead49b1902ead1f5

SHA256
33b6b89897bf696ffac452debfec500d75942b5d07b3fe8aacf1dfc400e5824f

SHA512
934ec61e8a11a5a92b3102ec93bdd5fbaf79821b276657453ba295d01e0a2abc314bb7634f64f746b98861b909b43607fd95c663b8e1d0fd9c1dd18a664dfeb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
18d70768861f635bf32106898259f792

SHA1
6633adf87ecbef77d6ff6c9151c836fb45bcb289

SHA256
8c291e6256e7f861130e089db89c34abd574b1a0c4a432f78cc3a985970ccd0d

SHA512
f4ba6a7dcb364b36512c522cf50d94c3aee6ccec5d12f1a28a446b3c5aeb5577549064b367023ebcfcc9f2133c37e055e30c7b4bfca4eb340008790fd41572cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
972f7a086e8ada54bb52dc57ba9895d9

SHA1
25d1bad4e4b1b720f095c22e2998877ee6252c20

SHA256
77bd83a45fe8f9e39413bc38c02c6bd8d84225557aa1041e74c152738e219d6b

SHA512
ab78a03992b25e9b20101e10b52416e07f34127810bfe6500f98917550788dca499fdca60edfad0e8833bccb3183b711f020a1f6e431e80735cd5f1f45a8435b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
4ae570caaaeb5bb80fd0f95124154171

SHA1
8733234a81e22f6e9e528a56a5f8d5f09cc8a156

SHA256
dab68bb9227c76149876d2c9f8cc56af8ca5f5d6f82d00d435aab48919f70e8c

SHA512
1a0dc1a15768f48176a1a25b5690835b9de775e9f531776d1d967bf5fa34ade0650093a78cc69820ff70741447801e29392b6aa312e79b2eb93f3f10d739e5a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
cc4c146fd28a0a48e862d48c86625b59

SHA1
fd10d03271a785cd5cefecdf2d7b60bab9b262f3

SHA256
f69a4fca4c815fd1a02aba034e2f42f4a9b1243f474c6cbb32f5b20ba03f75db

SHA512
fd84cdbaf14d8db742dd240a928c453241d79c2f295cb8eeef153c98bcb5648fb7e59f3202dccdf5a0d5bb10a815aec46f7521c7b8d494fbc84288b670834a67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js

Filesize
7KB

MD5
287de37a443c5e5d10f56764947005f1

SHA1
8e01c01054dba005a8181b34ea4cb20252082c9a

SHA256
ce8017b327dc61a9f08e7bb04cd575bc834d5ebd941cc81605037a780e017715

SHA512
2ad05a09166904352d4bf274eba39dcddbf1a8badbbdf26995ee17a8c651926185b1d9e62f8c0b8fae4f4590222d28553a12c193821a0a7e88c60f801fe3fc69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js

Filesize
6KB

MD5
80caa9e2aacf63a86e57637e45796125

SHA1
6f579e7f23ba4ee673c17bb09561b03828bfadac

SHA256
bf04ae9535954e009ccc5d4f1487a870f3d0b1d1214d9137a2f50ddbef180842

SHA512
812aecd3ffc17318fa21e2e0c32ee96fec1c1df442799eb6ec3f4c3de8b70a82068a910b59c7a109b8bd050e97cc520eb71ad1ffb8fc8ed7bb329e8f1bfafef1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js

Filesize
7KB

MD5
7ccfaea19d1e5015ba81803a72470f8a

SHA1
62f108e422e95ebf9a7cd155dcef0dba96459d1a

SHA256
fec423ed11d6e4f4b66dab1f5c43e46a117a84585a04c7f0f3267a79783f4956

SHA512
b467eb92efaa1cdb17713456ae1b5d56f86a757f8f208269d7bc403e08ecec027bedd8c5926482b07702ca2514c23723046964e4f92e335afe846be474e3cb30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
16612c95c0c09b03616a6ad6dc3a396b

SHA1
2ddcd05494c1220137c70cd7b2938dd30410f714

SHA256
1e454a7a1c2a45d3e2fb416c3115a1a5d308d08af70abd195e5db1419088c5fe

SHA512
96307fd5f49579429d2d0ea88a6b7f79628246d7715a72802938591d952547d325900d39100d77ed35793aad55f559d35902590bdf4ead02467aed8ec7670278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
dded35538b7130211d04fcec1e066034

SHA1
ffe768b7c7462c26fe1ca0751c0d952175dde098

SHA256
e03314094448d3ca4643c8791051f9aab14de8448abef6d354d4ff338fe443b0

SHA512
d08be8baeccda74102767b1febb245513a44fe382dd5162be8038aef1eb33fa5a2c95f34020a7bd21facddf5cb5e876e3200e3fcb8f74951ed462ad32cb0254a

Download Submit