hxxps://bit[.]ly/3E5puGE

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3E5puGE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
3012	msedge.exe
3012	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
2780	chrome.exe
2780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe
2780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4088	3012	msedge.exe	81
PID 3012 wrote to memory of 4088	3012	msedge.exe	81
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 1736	3012	msedge.exe	82
PID 3012 wrote to memory of 4028	3012	msedge.exe	83
PID 3012 wrote to memory of 4028	3012	msedge.exe	83
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84
PID 3012 wrote to memory of 944	3012	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/3E5puGE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a24f46f8,0x7ff9a24f4708,0x7ff9a24f4718
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1400 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,2710834805315922211,3282249843907880218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff990e9ab58,0x7ff990e9ab68,0x7ff990e9ab78
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:1
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1948,i,11310338364844641129,8446340463935228901,131072 /prefetch:8
  2⤵
  PID:2208

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
1d7da8aadf35ce6d39b6c0cbabdca8c9

SHA1
bf5322d19af6991723121d309c613173e54a9407

SHA256
9e334ab00346b2fe2105a0c6f41e79bb6974530f2a7e7084c5a9ebf93a250936

SHA512
d272185dfe195df9f83152316dbc1c388b59bdef5f36c3d40b536684b86c846d3a19d805f14263f2fcfc800e76d87c9c4f1f9eb49c8344c00e2a7e6b449bb099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d1c3756ea5188f9f98ba7ebc15008546

SHA1
0027043cb12dbd46567adf2cb80ff44f16ed38a5

SHA256
6e7d4297a23a0c094a6432ace2fb83f48b540a96032f824f2ede55101e448ad1

SHA512
11dd5c8508408b09df242d467570dd2a97158ef913c68d6b6463c7dd20aba8f704d7a10367eb99c70f026bcce2208e49d6df39f6330f25c5ef699be07281f9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bbbc4fee9ba6e9524139725421af629

SHA1
dbbabcf50ed647e3e6d2fb8957ea8aec74928124

SHA256
9ad1a12fe032d5c5de6fc52515e942f028e26f445ecb143e31485d75e1a97137

SHA512
d1f7574c45dc81cc335b0c50931169e6334babe63e0bc8f85eb42eb48a793b6b16389a2826abe31dfe245c9e047b442f2ea6a10a7f722f5d030c5362f6bb6b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5ff01d6c6dc573bd97ccd0b19bd12a58

SHA1
2980b68a7e8f9d1ecf7c027dd28462f6c5cac984

SHA256
f5f9e52cf2117a4fbd39c0524144f5dbb5141588f4031f59139f35b9a8537add

SHA512
ce3055657a1a1ba95c3d23c4c1aa838ccddd4a289c5cd376aa72e63005ee040de218c1e51a8e918906cff36729e72c3542a57d2454ff8b69153e5b427b9da439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc1ae399eb2f13f105c3cb7b68482532

SHA1
d59910c9ef47bdcae6fa115aafcf39aa0b1cdd5d

SHA256
c471dd613307b98e426a7eec771f4c0b40438dcc60306ba84141a7cb029b7488

SHA512
dc9ea64fe9380619614e56deb871183e1ac1a63db4f3801680127e5ccae0109000bef6c49f41729e7026df241b1125d4ba46a61d4b799d6c7cb09044fb93bcc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2ac2c0e3f7ea63cb629fb03d815527de

SHA1
7fcd62243d457a45d6de609373619d99aa4339f8

SHA256
0b4aa2c591aba5cbdf860b2b6e0222b3334548e4d2f2b126800436a3e28cb21b

SHA512
3b51061d1a2da12434a712e0165e12b271b027f83943fdc3a1d9c7a951fc1e0bc0d37850a39c3f2ce298c71a1d138fb68ac590ac3b49cd4f7db3f0c5d5268511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2025cdd6794fe99d27448e070609be26

SHA1
9a1a6b874dd03928da9a316b01848b5f5a124933

SHA256
89472f0b425efd7ce14b1a1b057d0e69c38543c44de532bb31184efa882afa79

SHA512
497830932fbacc4ef0fb91db87c37eae86d20e2333e95cc522babb2dd591f342ef9d038457e9f65724fc27b07a5475732fa7222c7e4adfdcf29361aa6ded84fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e15e32556f3a7b6b767c5c3677fe7f9c

SHA1
27d128c1e3a2f4c11e0fce4376c42337d7baf171

SHA256
7aaf655cb765867b5e8d272118d122acf7ca76b685b23f6793909f2cff762e80

SHA512
0c2f9f86fa7038d7bfd3806ae4b993f8ebb16eb2fa6f8ab0821f660a5f54090d06666f821636b6a3e7aced388f9bd1c64be37c3481ae017810a3b97a8eca3dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
01d859123a5eb9efecaf2e1ee8ce772b

SHA1
382f0238c5248c9a35bbe3eaadda1142e0cc9274

SHA256
21431a83f8411bb1340c67ec7fb97752745838200531268c44fdb0367c87408b

SHA512
ce6c5f85a71602da7259d4699bdd1048db8f8a7fb72417a2c4ff884dc7ed7d1aa068ad48df08bc6f82f6897386cca5ff7dafa71f1ac057f32b3bb747a0d9cb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fbb1.TMP

Filesize
873B

MD5
3c643db5df9ab8497eaec9a29ce455d7

SHA1
98e1fac8131e02f9bb1f39fd794135a71754797c

SHA256
707f0235866f16890af0046efce82a35af1edb4a4d6b52eca066b3ac06d6d14c

SHA512
5d18549531b0bfff138324be1ae81b8774aa77ceab310015034e0e1c7269b61ee170f1cadcb6a76c3df091d11e63e34d4a2f8943aca766b8526818320492724a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a28e5fe8da6d262f0289dc145de76658

SHA1
72a46f144df2f36a4768bc1aa91312735f106ad9

SHA256
dbe4a36f1b196b4b808403e5b8fe9bd3856b91e27afe1dce23caf9a5bedf586b

SHA512
9d6e27f2e0fb7dca45f76c95fe0cc4c1bab43c820e78fa99e5bb5be28e7ee3169a0de6c24003fca30adacf90f8c543126ee37123589f0eb805d6e3dd59c20088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a878b7e00498bce8bd883a055594f9e0

SHA1
5e53089124f3dd4f1bd52eb52a96eb18a70fac77

SHA256
81f605ccb22431605fa3a99c9c68df9d61f4edeeba279c3a056fe19630ed0ee1

SHA512
1d6898340dc6ad1d549edbd3f8eb437994c9cb2f78b57b9db74478ed8a4bbb66c60278b84417b00f24c9a3795157be65017191a2c547fc466f5278f559559038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ccdf1f3056f6a88d1c3ec0a646e26cc

SHA1
52d334df5cb01b2d69e47da4deeb4a8ccc342d79

SHA256
a5c8bd4a3abf252812f3cd3ef79a659e2f89fe6c7218e4e61bee16ff14d97569

SHA512
7d060ac8da7ba70ca68c122da6265909b932c9af019f56b9ab2751722add47986314a23b94947e2cc216c3423bb3ca83c453d86434d6823d82152e55cb4efbe5

Download Submit