f0e2dd5e8614ff84a62d2d935fd65b2849219ba43ff17849165c8c13a4afea41

Analysis

max time kernel
961s
max time network
968s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08/07/2024, 05:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

viewforum.html
Size

15KB
MD5

c1211dc08a12e28560f576e3816243a8
SHA1

f20f761505c7a5a905b6fc3ce24a9f1be975d4a0
SHA256

f0e2dd5e8614ff84a62d2d935fd65b2849219ba43ff17849165c8c13a4afea41
SHA512

1ed03062396243da5f03a4946531d266551efc8e513a4b30d4ff6250d6a7275944c19a384714c0204933e7e246d810240116feb4e130107493c606a0bf2ee0ed
SSDEEP

192:PNxyShvK9moqTJkNrv2317FNkXJrZm2S5z3ayM9lXZZbFIfIgRdY4jytpN:yShi9boJkNzg7F+6T5zayaJZbF8Lt4pN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648903165721465"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
1836	msedge.exe
1836	msedge.exe
4156	identity_helper.exe
4156	identity_helper.exe
4460	msedge.exe
4460	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
1636	chrome.exe
1636	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1660	1836	msedge.exe	79
PID 1836 wrote to memory of 1660	1836	msedge.exe	79
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 3204	1836	msedge.exe	80
PID 1836 wrote to memory of 2196	1836	msedge.exe	81
PID 1836 wrote to memory of 2196	1836	msedge.exe	81
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82
PID 1836 wrote to memory of 3212	1836	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\viewforum.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff953d03cb8,0x7ff953d03cc8,0x7ff953d03cd8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13125494155048044793,13900939309745951885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff93f9bab58,0x7ff93f9bab68,0x7ff93f9bab78
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4720 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=3312 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4688 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4928 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4728 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3448 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3968 --field-trial-handle=1960,i,14908128563663499560,4304381993709606219,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
33KB

MD5
54285d7f26ed4bc84ba79113426dcecb

SHA1
17dc89efec5df34a280459ffc0e27cb8467045ab

SHA256
b0754afe500a24201f740ed9c023d64483ca9183fa6361d759bb329462d25344

SHA512
88afabcad8dbb0f49cdea27c64783ec98ece295f139d50029d524950a5b40a7971f033529f7b60e5acdef5f0576bdcf107fa733bf439cc76693b654ebdd9a8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cef16c673e7bc22772f5f6f0c6ad4839

SHA1
a9f29aa3f8a52e2b13ef1d8821142c4705f2345c

SHA256
43d723516a4503024c466e173c1ecd50d8ab6c10f4b27954983669959f9ca0eb

SHA512
051b1376e1ae3150440ee5f1ffcd679b0ad2f88e7dd2a83f22aced2d2c92ab49df73861e52607fb2da0de4eff8885acae1cbdaa2b4f28a8d4bd2a97ff020e44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cc9219f6d1dc07904391729a3afc3737

SHA1
b0a87a994392115dce9c7d3f81e8dadc8a3b459a

SHA256
9bf32605eb76a0b1d54a1e11b7fe76dcb1fe2150dc9a39f83e62cc7f3daa1375

SHA512
be5c278bdcfa086a22b3a0f7a5a6964f846ad8c43598d95077e1aeb6ce952c16b33afece441dbdb79139740e783fbd9df58a760027375112f41e8ca2ebc18c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24379d3cac5265878b1d1deda54bb127

SHA1
ec1e09fe7b79d2d71ac7c3666470691c19894190

SHA256
16325c2b5e1d03447abc9215e1132150539684dd94525b631feeff432b591bca

SHA512
73249bff9fb7dc96f6675c0a1d696f524d3079150bde2eae50143065b1870dd9c662eba5667ceb01a6d4bfb2bfed7bf00cbc273199c8be0cc4fbe2a5fd95e7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a74ce051396580c7aa8e6f2855c08211

SHA1
3cafe8794d66ba4af1cb55b3ef55318a062d7515

SHA256
59e53939bdfc445752ff26ad36e852e25b5c789bccc50174b93c9e1a0e826faf

SHA512
9ca95a9391239c01772cdd7f37ec0b2538d48757f00bed3c58cc1ec6ee2a00121f0a25d4c525a0a5cb9a0f6b5e16e69a75c34ed58faa763d5b688e081f7b643d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
906f6ccb3236ece1919124ef911a1d74

SHA1
b19c92f0acb03417bdbdbb7adf656db7f5d980b6

SHA256
17ce5d87800f4ebabf6bfb73e9062fcb134e3b7bd22632f4b7c90e93dc837c9a

SHA512
47a4dfb7c703b1b6fc6b7fd922cba983d9e5814012244d0c0cc715d94650fa4b4b69aafb3e784f8839c33a311920312eba6d5f2a8ada52ce8a34af3e2a6b5fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b297afa13018b3e24efaf2b905677172

SHA1
6d6d01d9b35901af0f4976d0819bab393e920f98

SHA256
e810acf7bb28b7577c33ad7b22b3b849858e45e9c16ba316b0ba945ef48337dc

SHA512
72dc4db9a40e9e0947c2d58835a75077d65f1f1939463aad5a81368be891890d8d19d1d9df858c957b5a43998ef6100b29710231496636cabc66a1e3a1cc6c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3f42f939f0a7c91eef0187527bc7babc

SHA1
66d141ee21ab2de3a37f1d92e327aa184d828fd5

SHA256
64a131bb18bd4844b4ea4b6bc84727c638b94523be764dad0b1407394c457c6d

SHA512
18d62cb1f7d7229c37432e83f2356c865099caa9d43f716b465e8624d9288b1a3024bba84a1e83f6721c31a71eecdadf4118848ce4a63bf1230be4e16ead4178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b32be09b64c34dcd6cc1c854ced3c45

SHA1
7bab9b5a59f27df8c98259f5d20a63e39e92056c

SHA256
cc014a32c0d9a6c0c34d639be32c6731fc44933ea1421005f23fd2826ee3c853

SHA512
87de7dcd0d9efa376b55b07d61e57f371297bf59a7e123a309a071c54b5287714de053691295e5a86a8ff76cb61c46072c8d0e125e422be3cb27c33d581923b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a87c3ae9488fa337e9365ddfefc34c2e

SHA1
0c9ac3f5537ed20b8d597616c9583207ccaa8ce0

SHA256
6dee64b8e2165d51b5d048473782193478a32c780c8acf795bb430fc211ee5fd

SHA512
f3565fb380896755637f0fae8491a826854cd48122d43587eea1b0c71eb0171ff351065f9248aca8cf16d8393f39f3f2628a2f396f7a8ffb9834e7ef9cb016dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3db0e5b6dc95b363a62e47b44facb053

SHA1
a03f20e1dab1559b10698bc7e6ab5bd4f0aa6bc5

SHA256
5d357fb0da33764896fdfea1f161c7a47fb605e169ad9e4fe3e475c4cb03fc41

SHA512
7e1ce1dc4ba12547e44eb8386f567f52bba8771362f4728d5bf176e7179706ab4a4a271a6167e7cd4df714c71ea2a4c72ff68cb8de5a7985d7a34b3bf785bd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
538cf4a91bd3120cf291a65fdcb68686

SHA1
573a381c8fca24cb1c6f06c08c5c347a8a5f6e8c

SHA256
49193d685f723dc6edca97c2a529b1d71d39b6d0a24f6bff10caa492cd98781a

SHA512
d4cb4e89a42d65e7bc5bbed1cee49da7c5d2ac34dccedf092a6d7679e76c2663678c189f764a4dc3b481c25250de04521aa154413162145f49df229e221bb7d3

Download Submit